ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Empyrical Risk Metrics

v0.3.3

计算投资组合风险指标,包括年化收益率、夏普比率、索提诺比率、最大回撤和卡玛比率,支持滚动窗口统计和 NaN 数据处理,适用于多市场数据。。

0· 105·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/empyrical-risk-metrics.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Empyrical Risk Metrics" (tangweigang-jpg/empyrical-risk-metrics) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/empyrical-risk-metrics
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install empyrical-risk-metrics

ClawHub CLI

Package manager switcher

npx clawhub@latest install empyrical-risk-metrics
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description state 'compute risk metrics' but SKILL.md describes a full pipeline (data_collection -> trading_execution -> visualization), Sphinx doc build/deploy use cases, and heavy reliance on ZVT and market data providers. The declared metadata lists no dependencies or env vars, yet the instructions clearly expect Python 3.12+, uv package manager, and ZVT tooling — this mismatch suggests the skill needs more privileges and dependencies than its summary implies.
!
Instruction Scope
SKILL.md instructs the agent to: re-read seed.yaml on behavioral decisions, run precondition checks via python (import zvt, query get_kdata), potentially run pip installs (python3 -m pip install zvt) and init_dirs, and to rely on ZVT_HOME and local ~/.zvt. It also references external data providers (eastmoney, joinquant, akshare, qmt). These runtime steps require filesystem writes and network access and are not limited to simple 'risk metric' calculations — the instructions therefore expand scope beyond what's stated and access env/config not declared in the registry metadata.
Install Mechanism
There is no formal install spec (lowest static risk), but SKILL.md contains explicit procedural install hints (pip install zvt, uv package manager requirement). That means at runtime an agent could attempt to modify the host Python environment. Absence of an install recipe in metadata while instructing installs is an inconsistency the user should notice.
!
Credentials
Registry shows no required env vars or credentials, but the instructions reference ZVT_HOME and test writing to ~/.zvt, and expect access to third-party data providers (some of which require accounts/API keys). The skill does not declare these env vars (e.g., ZVT_HOME, any API keys for joinquant/qmt), so the declared environment access is incomplete and disproportionate to the simple 'risk metrics' description.
Persistence & Privilege
always:false and normal autonomous invocation are set (no elevated platform privilege). However, the instructions expect creating/initializing ~/.zvt and may install packages (pip), which gives the skill the ability to persist files and modify the Python environment. This is expected for a backtesting tool but is more privileged than a pure computation-only skill.
What to consider before installing
This skill's description says 'risk metrics' but the runtime instructions assume a full ZVT backtesting environment (Python 3.12+, zvt, ZVT_HOME, access to market data providers) and include steps that can write to your home directory and install Python packages. Before installing or enabling it: 1) Confirm you are comfortable letting the agent run pip installs or init scripts — run these manually in a sandboxed venv if needed. 2) Expect to provide API keys or accounts for data sources (eastmoney/joinquant/akshare) even though they are not declared. 3) Review seed.yaml and references locally (they are included) to verify policies and semantic locks (they mandate trading rules like next-bar execution and T+1). 4) If you only need isolated metric computations, prefer running a vetted library locally (e.g., empyrical/pyfolio) rather than granting this skill permission to modify your environment or fetch market data. 5) If you proceed, run the skill in a controlled environment (container or conda/venv) and inspect any pip installs and filesystem changes first.

Like a lobster shell, security has layers — review code before you run it.

datavk978dnysgaccajfyzhr36av08185cn01doramagic-crystalvk978dnysgaccajfyzhr36av08185cn01financevk978dnysgaccajfyzhr36av08185cn01latestvk978dnysgaccajfyzhr36av08185cn01portfoliovk978dnysgaccajfyzhr36av08185cn01quantvk978dnysgaccajfyzhr36av08185cn01riskvk978dnysgaccajfyzhr36av08185cn01
105downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
datadoramagic-crystalfinancelatestportfolioquantrisk
Download

投资风险指标 (empyrical-risk-metrics)

计算投资组合风险指标,包括年化收益率、夏普比率、索提诺比率、最大回撤和卡玛比率,支持滚动窗口统计和 NaN 数据处理,适用于多市场数据。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (3 total)

Sphinx Documentation Build Configuration (UC-101)

Configuring Sphinx to automatically generate API documentation from docstrings and source code comments for the empyrical library Triggers: sphinx configuration, documentation build, autodoc setup

Documentation Deployment Automation (UC-102)

Automating the process of cleaning, building, and deploying Sphinx documentation to a hosting platform for the empyrical project Triggers: documentation deployment, automated deployment, CI/CD documentation

Advanced Sphinx Documentation Source Setup (UC-103)

Configuring advanced Sphinx extensions including autodoc filtering, numpydoc integration, and markdown support for comprehensive documentation generat Triggers: sphinx extensions, numpydoc, autodoc filtering

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (25 total)

  • AP-ZVT-183: 除权因子为 inf/NaN 时直接参与乘法导致复权静默失败
  • AP-ZVT-179: 第三方数据接口超限后异常被吞噬,数据静默缺失
  • AP-ZVT-183B: HFQ(后复权)与 QFQ(前复权)K 线表使用错误导致因子计算漂移

All 25 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-107. Evidence verify ratio = 45.3% and audit fail total = 21. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md25 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-107 blueprint at 2026-04-22T13:00:51.147425+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...