Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cuemacro Finmarket

v0.3.3

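Financial market backtesting framework supporting technical-indicator strategy backtests on FX G10 currency pairs, local and S3 cloud storage of high-frequency tick data with ArcticDB, and fetching and caching of market data from sources such as Quandl.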

by Tang Weigang (@tangweigang-jpg)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/cuemacro-finmarket.

Install the skill "Cuemacro Finmarket" (tangweigang-jpg/cuemacro-finmarket) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/cuemacro-finmarket
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cuemacro-finmarket

ClawHub CLI

npx clawhub@latest install cuemacro-finmarket

Security Scan

Capability signals: Crypto; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description and bundled reference files consistently describe a financial backtest / market-data pipeline (ArcticDB, ZVT, Quandl, S3). That aligns with the advertised purpose. Minor inconsistency: SKILL.md explicitly states 'Requires Python 3.12+ with uv package manager', but the registry metadata declares no required binaries or environment variables.
Instruction Scope
SKILL.md instructs the agent to run environment precondition checks (python3 -c 'import zvt...' and filesystem write tests against ZVT_HOME), to reload seed.yaml, and to follow strict semantic locks. Those runtime checks are reasonable for a backtest skill, but they perform local command execution and touch the user's ~/.zvt by design. The instructions also reference S3/AWS and vendor data sources (Quandl, joinquant, etc.) but do not declare the need for corresponding credentials in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That is the lowest install risk. The SKILL.md suggests installing Python packages (e.g., pip install zvt) in preconditions, but the skill itself does not perform downloads or provide an installer.
Credentials
The skill references cloud storage (AWS S3), ArcticDB S3 backend, and third-party data providers (Quandl, joinquant, etc.) which normally require API keys/credentials. Yet requires.env and primary credential fields are empty. Also SKILL.md references ZVT_HOME and a write-test that will write to the user's filesystem. The absence of declared credential requirements (AWS/Quandl) is a proportionality gap and should be clarified before granting secrets.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request permanent platform presence, nor does it modify other skills' configurations. It does instruct agents to read seed.yaml and run preconditions, which is normal for an instruction-heavy blueprint.
What to consider before installing
This skill appears to be a legitimate finance backtesting blueprint, but several things don't add up:
(1) SKILL.md requires Python 3.12+ / 'uv' package manager but the registry lists no required binaries — verify you have the correct runtime before running checks.
(2) The skill discusses S3 and vendor APIs (Quandl, joinquant), yet declares no required environment variables for AWS or vendor API keys — do not provide credentials blindly; assume you must configure them yourself if needed.
(3) The SKILL.md and seed.yaml instruct the agent to run Python precondition commands that will check imports and write a test file in ~/.zvt — run these in a sandbox or review them manually first if you are cautious.
(4) SKILL.md references LICENSE.txt but that file is not present in the manifest; confirm licensing and source provenance before use.
Recommended actions: inspect seed.yaml and references locally, run the preconditions manually in a controlled environment (virtualenv or disposable VM), never paste secrets into a skill prompt, and only provide AWS/Quandl credentials to code you trust. If you need higher assurance, ask the publisher for a source repository or signed release and verify artifacts before installing or running.

Like a lobster shell, security has layers — review code before you run it.

Tags: data, doramagic-crystal, finance, latest, quant
97 downloads
0 stars
3 versions
Updated 5d ago
v0.3.3
MIT-0

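Cuemacro Market Tools (cuemacro-finmarket)

Financial market backtesting framework supporting technical-indicator strategy backtests on FX G10 currency pairs, local and S3 cloud storage of high-frequency tick data with ArcticDB, and fetching and caching of market data from sources such as Quandl.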

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (4 total)

ArcticDB Tick Data Storage (UC-101)

Provides persistent storage for high-frequency tick market data using ArcticDB, supporting both local LMDB and S3 cloud storage backends for efficient
Triggers: arcticdb, tick data storage, time series database

Market Data Fetching from Vendors (UC-103)

Fetches economic and financial market data from external vendors like Quandl, demonstrating how to request and cache market data with specific fields
Triggers: market data, quandl, fetch data

S3 Cloud Storage for Tick Data (UC-104)

Demonstrates writing and reading tick market data to/from AWS S3 cloud storage using Parquet format for efficient compression and retrieval of histori
Triggers: s3 storage, aws, parquet

For all 4 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

| ID | Rule | On Violation |
|---|---|---|
| SL-01 | Execute sell orders before buy orders in every trading cycle | halt |
| SL-02 | Trading signals MUST use next-bar execution (no look-ahead) | halt |
| SL-03 | Entity IDs MUST follow format entity_type_exchange_code | halt |
| SL-04 | DataFrame index MUST be MultiIndex (entity_id, timestamp) | halt |
| SL-05 | TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amount | halt |
| SL-06 | filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION | halt |
| SL-07 | Transformer MUST run BEFORE Accumulator in factor pipeline | halt |
| SL-08 | MACD parameters locked: fast=12, slow=26, signal=9 | halt |

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-PORTFOLIO-ANALYTICS-001: Division by zero in price ratio calculations corrupts rebalancing
  • AP-PORTFOLIO-ANALYTICS-002: Look-ahead bias from unshifted signal generation and position calculations
  • AP-PORTFOLIO-ANALYTICS-003: Non-positive-semidefinite covariance matrix breaks CVXPY optimization

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-108. Evidence verify ratio = 32.0% and audit fail total = 18. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

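| File | Contents | When to Load |
|---|---|---|
| references/seed.yaml | V6+ full authoritative record (source-of-truth) | Required reading when behavior or decisions are disputed |
| references/ANTI_PATTERNS.md | 14 cross-project anti-patterns | Before starting implementation |
| references/WISDOM.md | Cross-project lessons worth borrowing | When making architecture decisions |
| references/CONSTRAINTS.md | domain + fatal constraints | When rules conflict |
| references/USE_CASES.md | Full set of KUC-* business scenarios | When complete examples are needed |
| references/LOCKS.md | SL-* + preconditions + hints | Before generating backtest/trading code |
| references/COMPONENTS.md | AST component map (split by module) | When looking up an API |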

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-108 blueprint at 2026-04-22T13:00:51.768652+00:00. See human_summary.md for non-technical overview.
