OpenD CLI for MooMoo
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like an intended MooMoo/Futu trading tool, but it can use real trading credentials to place or cancel live orders and its required secrets are not fully reflected in the registry metadata.
Install only if you intend to let the agent interact with your Futu/MooMoo OpenD setup. Keep trading in SIMULATE unless you explicitly want a live order, use OpenClaw-managed secrets rather than raw env/config/keyring credentials in hosted environments, verify the OpenD host is trusted, and review the package entrypoint/dependencies before providing real brokerage credentials.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with REAL trading and valid credentials, the agent could place or cancel real financial orders, potentially causing monetary loss.
The code directly submits and cancels orders through the trading API. Although SIMULATE is the default and live trading is documented as requiring explicit user intent, the code does not enforce a separate confirmation step, trade-size limit, or irreversible-action review for REAL trading.
ret, data = trade_ctx.place_order(**kwargs) ... ret, data = trade_ctx.modify_order(**kwargs)
Keep SIMULATE as the default, require an explicit user confirmation immediately before any REAL order or cancellation, add account/order/value limits, and consider separating live-trading commands from read-only and simulated workflows.
Users may not realize from the registry metadata that the skill can access high-impact trading credentials and use them to unlock a real brokerage account.
The registry contract omits credential and environment declarations, while the provided SKILL.md and code support trading-password inputs such as OPEND_PASSWORD_SECRET_REF, MOOMOO_PASSWORD, MOOMOO_CONFIG_KEY, and keyring/config loading to unlock trading.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare all supported secret inputs and runtime overrides in the registry metadata, prefer OpenClaw secret refs for hosted use, and clearly mark legacy env/config/keyring modes as local-only.
If OPEND_SDK_PATH points to malicious or untrusted code, that code could run when the skill imports the SDK.
A user-controlled SDK path can change where Python imports the MooMoo/Futu SDK from. The skill warns users to use trusted code only, so this is disclosed, but importing from an untrusted path would execute arbitrary Python module code.
sdk_path = os.getenv("OPEND_SDK_PATH") ... sys.path.insert(0, sdk_path) ... import moomoo as ft
Use only installed, trusted provider SDKs or a verified local SDK path, and declare OPEND_SDK_PATH as a supported runtime override.
The documented primary command may not work as installed, causing users or agents to fall back to direct Python execution and manual dependency setup.
The provided file manifest does not include the documented openclaw wrapper. The skill provides a Python fallback, so this is not evidence of hidden code execution, but it is a packaging/provenance inconsistency users should notice.
Use Bash CLI `./openclaw` for routine operations. If the wrapper is unavailable in a published bundle, use `python3 opend_cli.py` directly and treat that as a packaging bug.
Publish the missing wrapper or update the documentation and metadata so the installed entrypoint, dependencies, and supported environment variables match the package contents.
