Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eastmoney Api

v0.3.3

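Provides VAlpha quantitative terminal users with A-share market data retrieval, automatic switching across multiple data sources, and circuit-breaker protection; supports fallback along the Tushare/Akshare chain and automatically configures request rate limits according to the points quota.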

by Tang Weigang (@tangweigang-jpg)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/eastmoney-api.

Install the skill "Eastmoney Api" (tangweigang-jpg/eastmoney-api) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/eastmoney-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install eastmoney-api

ClawHub CLI

npx clawhub@latest install eastmoney-api
Security Scan
Capability signals
Crypto; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md describes an Eastmoney/TuShare/Akshare data sourcing and ZVT-based pipeline (data collection, recorder, FastAPI server). That purpose aligns with instructions that reference zvt recorders, FastAPI app factory, and data pipelines. However the registry metadata declares no required binaries/env but the SKILL.md explicitly requires Python 3.12+ and mentions zvt and other Python packages — an omission in the skill manifest. Also the description mentions provider fallbacks (Tushare/Akshare) but no provider credentials (e.g., TUSHARE_TOKEN) are declared; this mismatch between declared requirements and stated functionality is unexpected.
Instruction Scope
The runtime instructions direct the agent to run precondition checks (python import/version checks), possibly install Python packages (pip install zvt), read/reload seed.yaml, and read/write the ZVT home directory (~/.zvt or ZVT_HOME). Those actions are consistent with setting up a local data-collection/backtest service. The instructions do not attempt to contact unknown external endpoints or exfiltrate secrets in the files shown. Still, they give the agent wide discretion to run Python commands, create files, and install packages — capabilities that should be reviewed by the user before allowing execution.
Install Mechanism
This is an instruction-only skill with no install spec or code files to extract/run, which is lower risk than arbitrary downloads. The SKILL.md suggests using Python package installation (pip) at runtime, but no install URLs or archives are embedded in the skill.
Credentials
The skill requests no environment variables in the manifest, yet the instructions reference ZVT_HOME and implicit dependencies (zvt, providers like Tushare which typically require API tokens). The absence of declared required credentials (e.g., TUSHARE_TOKEN) and the manifest's 'no binaries required' entry are inconsistent with the SKILL.md content. Users should assume the skill may prompt to install packages and may require service API keys to access paywalled endpoints.
Persistence & Privilege
always is false and the skill is user-invocable; it does instruct writing/creating the ZVT home directory and temporary files under ~/.zvt, which is reasonable for a data-collection/backtest tool. There is no evidence the skill requests persistent, platform-wide privileges or self-enablement beyond its own workspace.
What to consider before installing
This skill appears to be a guidance/blueprint for an Eastmoney/ZVT data-collection and FastAPI stack and contains many checks that will run Python commands and touch a ZVT home directory (~/.zvt). Before installing or running it: (1) Expect it to require Python 3.12+ and to install Python packages (pip); review and approve any package installs. (2) Prepare provider credentials (Tushare/API tokens) if you plan to use paid links — the skill does not declare these env vars but will need them for some providers. (3) Be aware it will read and create files under your home (ZVT_HOME); inspect/backup that directory if needed. (4) If you want stronger guarantees, ask the author for an explicit manifest listing required binaries, exact pip packages (with versions), and any external endpoints or env vars (e.g., TUSHARE_TOKEN), and request a build/install script that you can review before execution.

Like a lobster shell, security has layers — review code before you run it.

a-share, data, doramagic-crystal, finance, latest, quant
109 downloads
0 stars
3 versions
Updated 4d ago
v0.3.3
MIT-0

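Eastmoney API (eastmoney-api)

Provides VAlpha quantitative terminal users with A-share market data retrieval, automatic switching across multiple data sources, and circuit-breaker protection; supports fallback along the Tushare/Akshare chain and automatically configures request rate limits according to the points quota.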

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (26 total)

VAlpha Terminal Entry Point (UC-101)

Provides unified entry point for starting FastAPI server or running pre/post-market analysis. Triggers: start, server, run

FastAPI Application Factory (UC-102)

Creates and configures FastAPI application instance with CORS, routers, and lifespan management. Triggers: application, fastapi, server

Static File Serving and SPA Routing (UC-103)

Serves frontend static files and implements SPA catch-each routing for client-side navigation. Triggers: static, frontend, spa

For all 26 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

ID | Rule | On Violation
SL-01 | Execute sell orders before buy orders in every trading cycle | halt
SL-02 | Trading signals MUST use next-bar execution (no look-ahead) | halt
SL-03 | Entity IDs MUST follow format entity_type_exchange_code | halt
SL-04 | DataFrame index MUST be MultiIndex (entity_id, timestamp) | halt
SL-05 | TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amount | halt
SL-06 | filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION | halt
SL-07 | Transformer MUST run BEFORE Accumulator in factor pipeline | halt
SL-08 | MACD parameters locked: fast=12, slow=26, signal=9 | halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-DATA-SOURCING-001: Missing or invalid User-Agent headers for SEC API requests
  • AP-DATA-SOURCING-002: Ignoring external API rate limits causing IP blocking
  • AP-DATA-SOURCING-003: No HTTP timeout configuration causing indefinite hangs

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-084. Evidence verify ratio = 36.8% and audit fail total = 26. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

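File | Contents | When to Load
references/seed.yaml | V6+ full authoritative definition (source-of-truth) | Required reading when behavior or decisions are in dispute
references/ANTI_PATTERNS.md | 14 cross-project anti-patterns | Before starting implementation
references/WISDOM.md | Cross-project lessons worth borrowing | When making architecture decisions
references/CONSTRAINTS.md | domain + fatal constraints | When rules conflict
references/USE_CASES.md | All KUC-* business scenarios | When complete examples are needed
references/LOCKS.md | SL-* + preconditions + hints | Before generating backtest/trading code
references/COMPONENTS.md | AST component map (split by module) | When looking up APIs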

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-084 blueprint at 2026-04-22T13:00:34.071788+00:00. See human_summary.md for non-technical overview.
