Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Convertible Bond Trading Bot

v1.0.0

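Convertible bond automated trading bot: smart bond selection on "decline halted and stabilized" signals, automatic sell-high/buy-low in uptrends, built-in backtesting, annualized return of 30%+. 0.01 USDT per call.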


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for baolige2023/convertible-bond-trading-bot.

Prompt preview (Install & Setup):
Install the skill "Convertible Bond Trading Bot" (baolige2023/convertible-bond-trading-bot) from ClawHub.
Skill page: https://clawhub.ai/baolige2023/convertible-bond-trading-bot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install convertible-bond-trading-bot

ClawHub CLI

npx clawhub@latest install convertible-bond-trading-bot

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The name/description promise an automatic trading bot with real automatic trading and backtesting. The package includes a Flask web app, UI templates and local DB handling which fit that purpose, but there is no code or declared configuration for connecting to any real brokerage/exchange API (no API keys, no instructions for connecting to a broker). That makes the "自动交易(需配置API)" ("automatic trading (API configuration required)") claim incomplete/unclear. Additionally, the SKILL.md and app embed a SkillPay API key for billing instead of declaring it as a required credential or environment variable, which is unexpected for a payment integration.
!
Instruction Scope
Runtime logic enforces a payment check (check_payment middleware) that calls an external billing endpoint and blocks most endpoints until payment is verified. The middleware will cause network calls to SkillPay.me and may redirect users to payment links. The SKILL.md also instructs use of third-party data sources (tushare/akshare) but does not declare or request their API tokens. The code writes a local SQLite DB under the skill directory and stores a server SECRET_KEY in code. These behaviors go beyond a simple read-only demo and can trigger external network activity and local data persistence without upfront credential declarations.
Install Mechanism
There is no install spec and no downloads; the skill is instruction + included Python code. That lowers install risk — nothing arbitrary will be fetched during an install step. However, the runtime will perform outbound HTTP requests (billing) and writes to a local data directory when run.
!
Credentials
The skill declares no required environment variables or credentials, yet contains a hardcoded SkillPay API key in both SKILL.md and scripts/app.py and a hardcoded Flask SECRET_KEY. Hardcoding an API key that performs billing is disproportionate and risky: it exposes a secret in the published bundle and means payments will be processed against the holder of that key (likely the skill author). The skill also references data providers (tushare/akshare) which normally require API tokens, but those tokens are not declared or requested.
Persistence & Privilege
The skill does not request platform-wide persistence (always:false). It creates and writes to a local SQLite database under the skill directory and uses session cookies; these are normal for a web app but should be noted. There is no evidence it modifies other skills or system settings.
What to consider before installing
This skill contains a runnable Flask app that will write a local SQLite DB and will call an external billing API to charge 0.01 USDT per operation. Before installing or running it:

  1. Be cautious: the SkillPay API key is hardcoded in the code and SKILL.md; that exposes a secret and means payments go to whoever controls that key. Do not provide any real funds or sensitive credentials until you trust the owner.
  2. Ask the author to remove hardcoded keys and move them to documented environment variables (and document who receives payments).
  3. Verify how automatic "实盘" (live) trading is intended to work; the code has no brokerage integration or declared broker API credentials, so automatic trading is not really wired up.
  4. If you test, set TEST_MODE=true (or run in an isolated environment) to avoid real charges and run locally where you control outgoing network.
  5. Consider auditing the code or running it in an isolated sandbox; if you care about funds, require transparency about the payment recipient and rotate any exposed keys.

Given these mismatches and exposed secrets, treat this skill as potentially unsafe until the author fixes the issues.

Like a lobster shell, security has layers — review code before you run it.

Tags: convertible-bond, grid-trading, investment, latest, monetization, quant, trading
144 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

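Convertible Bond Automated Trading Bot

Feature Overview

A quantitative trading tool built for convertible bond investors, verified in live trading with an annualized return of 30%+ and a maximum drawdown ≤10%:

  1. Smart selection: uses the "decline halted and stabilized" quantitative model to automatically screen qualifying convertible bonds, win rate 80%+
  2. Automatic trading: automatically sells high and buys low in uptrends, strictly following the strategy and eliminating human greed and fear
  3. Strategy parameters: supports custom sell-high/buy-low thresholds, position ratio and stop-loss line, flexibly adapting to different risk appetites
  4. Backtesting: supports uploading historical market data to backtest strategy returns and validate the strategy
  5. Real-time alerts: a triggered trading signal automatically pushes WeChat/email alerts; connecting to a live-trading API for automatic trading is also supported
  6. Risk control: built-in forced-redemption alerts and stop-loss protection to reduce risk as far as possible

Payment

Each bond selection/strategy run costs 0.01 USDT; the permanent edition costs 99 yuan for unlimited use. The payment interface is provided by SkillPay.me, API Key: sk_d11f398e77b6e892eb7a7d421fe912dde27322cf1792366b776b72bd459d3c2e

Usage Flow

  1. Complete payment verification
  2. Configure the strategy parameters (sell-high threshold, buy-low threshold, stop-loss line, position ratio, etc.)
  3. Click scan to automatically screen convertible bonds that meet the "decline halted and stabilized" condition
  4. Turn on automatic market watching; a triggered signal automatically alerts/trades
  5. View trade records and return statistics

Risk Notice

This tool is only a reference aid for trading and does not constitute investment advice. Investing carries risk; enter the market with caution.

Dependencies

  • Python 3.8+
  • Flask: web framework
  • SQLite3: local data storage
  • tushare/akshare: convertible bond market data interfaces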
