ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aml Data Generator

v0.3.3

生成符合AMLSim格式的合成交易数据,将交易日志转换为用于反洗钱检测系统测试的模拟数据集,支持按银行ID分割账户、合并多源输出并生成交易网络图。

0· 120·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/aml-data-generator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Aml Data Generator" (tangweigang-jpg/aml-data-generator) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/aml-data-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aml-data-generator

ClawHub CLI

Package manager switcher

npx clawhub@latest install aml-data-generator
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description focus on AMLSim synthetic transaction data, graph generation, log conversion and data merging; however the human_summary and SKILL.md include several references to a trading/quant stack (ZVT, A-share backtests, MACD/backtest use-cases). SKILL.md also declares requirements (Python 3.12+ / uv) in text but the registry metadata lists no required binaries/env. This mixing of AML simulation and trading frameworks is incoherent: a pure AML data generator should not need ZVT/backtest semantics.
!
Instruction Scope
The runtime instructions and seed.yaml execution_protocol direct the agent to run precondition checks that execute Python code (import zvt, check kdata, init zvt dirs), test writing to ~/.zvt, and suggest pip installing packages (zvt). Seed.yaml also requires the agent to re-read seed.yaml before behavioral decisions and to follow a multi-step execution protocol. These steps involve reading environment state, touching files, and potentially installing packages — actions outside the stated remit of converting/generating AMLSim data.
Install Mechanism
No formal install spec is declared (instruction-only), which minimizes explicit install-time risk. However SKILL.md and seed.yaml contain textual 'preconditions' that instruct runtime package installs (pip install zvt) and workspace/install_recipe steps. Runtime/self-initiated installs are not reflected in the registry metadata and could cause unexpected code to be pulled in when the agent executes the instructions.
!
Credentials
The skill declares no required env vars or credentials, but its instructions reference and test environment state (ZVT_HOME, ~/.zvt), and ask the agent to create and remove files in the user's zvt home. It also implies network access for pip installs. Requesting access to user filesystem and package installation is disproportionate for an AML data transformer and is not justified by the SKILL.md description.
Persistence & Privilege
always:false (good). The skill allows autonomous invocation (default), which by itself is normal. Seed.yaml includes a strong execution rule that agents MUST re-read seed.yaml and obey its protocol on 'any behavioral decision' — this is a behavioral persistence mechanism (not a platform-level always:true) that could subtly influence agent behavior across interactions. The skill does not explicitly modify other skills' configs, but the implicit requirement to re-read seed.yaml increases its behavioral footprint.
What to consider before installing
This skill is internally inconsistent: it says it's an AMLSim data generator but embeds trading/backtest references and runtime checks for the ZVT ecosystem that are unrelated. Before installing or invoking it: 1) Ask the publisher for provenance and clarify whether ZVT/backtest functionality is intentionally required. 2) Do not allow the agent to run precondition commands or pip installs automatically — run those manually in a sandbox if needed. 3) Inspect references/seed.yaml and SKILL.md yourself (or in an isolated VM) to confirm there are no hidden network endpoints or install recipes. 4) Refuse granting filesystem or environment-wide permissions (do not expose home dir or set ZVT_HOME) unless you understand and accept the scope. 5) If you need only AML data conversion, request a trimmed version that removes trading-related preconditions and the 'must re-read seed.yaml' behavioral mandate. If you want me to produce concrete remediation suggestions (exact lines to remove or sandboxed commands to run), say so and I will produce them.

Like a lobster shell, security has layers — review code before you run it.

amlvk9758qgmb52mt3f0xw57e2afx985dqqkdatavk9758qgmb52mt3f0xw57e2afx985dqqkdoramagic-crystalvk9758qgmb52mt3f0xw57e2afx985dqqkfinancevk9758qgmb52mt3f0xw57e2afx985dqqklatestvk9758qgmb52mt3f0xw57e2afx985dqqkmlvk9758qgmb52mt3f0xw57e2afx985dqqk
120downloads
0stars
5versions
Updated 5d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
amldatadoramagic-crystalfinancelatestml
Download

AML 数据生成 (aml-data-generator)

生成符合AMLSim格式的合成交易数据,将交易日志转换为用于反洗钱检测系统测试的模拟数据集,支持按银行ID分割账户、合并多源输出并生成交易网络图。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (13 total)

Convert Logs to AML Simulation Data (UC-101)

Convert transaction log files into synthetic AML simulation data for testing anti-money laundering detection systems Triggers: convert logs, synthetic data, AML simulation

Split Accounts by Bank ID (UC-102)

Partition account CSV files by bank identifier for bank-specific analysis and processing Triggers: split accounts, bank ID, partition data

Combine AML Simulation Outputs (UC-103)

Aggregate multiple AMLSim output files into a consolidated dataset for comprehensive analysis Triggers: combine outputs, merge data, AMLSim aggregation

For all 13 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (15 total)

  • AP-REGTECH-001: Missing attribute initialization on data structures
  • AP-REGTECH-002: Self-loops in transaction graphs violate domain rules
  • AP-REGTECH-003: Unvalidated floating-point inputs cause runtime crashes

All 15 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-060. Evidence verify ratio = 15.9% and audit fail total = 22. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md15 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-060 blueprint at 2026-04-22T13:00:18.242568+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...