OpenD CLI for MooMoo

Warn
Audited by ClawScan on May 10, 2026.

Overview

The skill is transparent and purpose-aligned for MooMoo/Futu trading, but it gives an agent live order and cancel capability with broker credentials and no hard confirmation or account-scope enforcement.

Review carefully before installing. This appears to be a legitimate OpenD/MooMoo/Futu trading wrapper, not malware, but live trading is high impact. Keep SIMULATE as the default, do not provide live credentials unless you intend to trade, require explicit human confirmation for REAL orders or cancellations, and verify the missing 'openclaw' wrapper and credential metadata before relying on the package.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent invokes the REAL path with available credentials, it could place or cancel real trades and cause financial loss.

Why it was flagged

The CLI exposes REAL trading plus order placement and cancellation. The artifacts rely on instructions and the SIMULATE default, but do not show a hard confirmation step, notional limit, or separate approval gate before live financial actions.

Skill content
    parser.add_argument("--trd-env", default="SIMULATE", choices=["SIMULATE", "REAL"], help="Trading environment")
...
    subparsers.add_parser("place-order", help="Place order")
...
    subparsers.add_parser("cancel-order", help="Cancel existing order by order id")
Recommendation

Use SIMULATE by default, disable implicit use for live trading, and require an external human confirmation plus order-size/account limits before allowing '--trd-env REAL'.

What this means

A mistaken or underspecified request could trade in an unintended account.

Why it was flagged

When no account ID is provided, the code automatically selects an active or first matching account. For live order placement or cancellation, this can affect the wrong account if the agent omits or mis-resolves '--acc-id'.

Skill content
        if explicit_acc_id is not None:
            return explicit_acc_id
...
            if row.get("acc_status") == getattr(self.ft.TrdAccStatus, "ACTIVE", None):
                return int(row["acc_id"])
...
            if row.get("trd_env") == trd_env:
                return int(row["acc_id"])
Recommendation

Require an explicit '--acc-id' for all REAL place-order and cancel-order operations, and show the selected account in a confirmation prompt before execution.

What this means

Installing users may grant access to credentials that can unlock live trading.

Why it was flagged

The skill clearly discloses broker-password inputs and local credential storage options. These are purpose-aligned for OpenD live trading, but they grant sensitive account authority and are not reflected in the registry metadata's credential declarations.

Skill content
Secrets:
- `OPEND_PASSWORD_SECRET_REF`
- `MOOMOO_PASSWORD`
- `MOOMOO_CONFIG_KEY`
...
`keyring` stores credentials in the OS keychain.
Recommendation

Prefer OpenClaw secret refs, avoid legacy env/config/keyring methods in hosted use, and update registry metadata to declare the supported secret inputs.

What this means

Pointing OPEND_SDK_PATH at an unsafe directory could run malicious Python code under the user's account.

Why it was flagged

A user-controlled SDK path is inserted before importing the provider SDK. This is disclosed with a warning and is useful for local SDK selection, but importing Python from an untrusted path can execute untrusted code.

Skill content
    sdk_path = os.getenv("OPEND_SDK_PATH")
    if sdk_path and sdk_path not in sys.path:
        ...
        sys.path.insert(0, sdk_path)
...
        import moomoo as ft
Recommendation

Only use official, trusted MooMoo/Futu SDK installs and avoid OPEND_SDK_PATH unless the directory is controlled and reviewed.

What this means

The documented primary command may not work as installed, and users may need to run the Python CLI directly.

Why it was flagged

The supplied manifest does not include the documented primary 'openclaw' wrapper, while SKILL.md says to treat a missing wrapper as a packaging bug. The Python fallback is documented, so this is a packaging/provenance note rather than malicious behavior.

Skill content
17 file(s): README.md, SKILL.md, agents/openai.yaml, credentials.py, get_market_snapshot.py, opend_cli.py, opend_core.py, ... setup_config.py
Recommendation

Verify the installed bundle includes the intended executable wrapper, or use 'python3 opend_cli.py' only after reviewing the included source.