ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freqtrade Crypto Bot

v0.3.3

使用 Freqtrade 框架加载多交易所 OHLCV 历史数据并进行策略回测分析。

0· 104·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/freqtrade-crypto-bot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Freqtrade Crypto Bot" (tangweigang-jpg/freqtrade-crypto-bot) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/freqtrade-crypto-bot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install freqtrade-crypto-bot

ClawHub CLI

Package manager switcher

npx clawhub@latest install freqtrade-crypto-bot
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is named and described as a 'Freqtrade Crypto Bot', but the bundled materials heavily reference ZVT, Qlib, and other backtesting frameworks (many ZVT anti-patterns, preconditions, and a large seed.yaml). That mix of different toolchains is unexpected for a focused Freqtrade skill. The SKILL.md also declares a runtime requirement (Python 3.12+ and an 'uv' package manager) even though the registry metadata lists no required binaries or env — a clear mismatch.
!
Instruction Scope
SKILL.md and seed.yaml contain explicit execution protocol steps: re-read seed.yaml at runtime, run preconditions that execute python one-liners (e.g., import zvt, check ZVT_HOME, try recorders), and instruct running pip install if checks fail. Although there is no code shipped, these instructions tell an agent to run environment-modifying commands and to access filesystem/environment values (ZVT_HOME). That scope goes beyond a passive README and grants the skill runtime discretion to install packages and probe the host.
Install Mechanism
There is no declared install spec and no code files (instruction-only), which is lower risk. However the execution_protocol in seed.yaml and SKILL.md instruct the agent to invoke host install recipes and to pip-install zvt if preconditions fail. The absence of an explicit, declared install spec combined with runtime instructions to install packages is an inconsistency worth clarifying.
!
Credentials
Registry metadata claims no required env vars, but SKILL.md/seed.yaml reference ZVT_HOME and preconditions run code that reads os.environ. The skill also instructs installing third-party Python packages (zvt). Requesting or reading unlisted environment variables and recommending installs is disproportionate to what a simple Freqtrade backtest template should need and should be explicitly declared.
Persistence & Privilege
always is false (no forced global inclusion). The skill's execution_protocol asks the agent to run host install recipes and to re-load seed.yaml on each execution; this can change the agent's runtime environment but is not the same as always:true. Autonomous invocation is allowed by default (platform normal) — combine this with the other concerns before enabling autonomous runs.
What to consider before installing
Do not install or run this skill in a production or privileged environment yet. Ask the publisher for clarifications: (1) Why does a 'Freqtrade' skill include heavy ZVT/Qlib artifacts and seed.yaml that require zvt and ZVT_HOME? (2) Confirm the exact runtime requirements (Python version, package manager 'uv') and provide an explicit install spec if the skill needs to install packages. (3) Ask the author to declare any environment variables the skill will read or modify. If you still want to test it, run it in an isolated sandbox or VM with no sensitive credentials, and monitor for any pip installs or filesystem writes. Finally, note the SKILL.md's evidence-quality warning (low verify ratio) — treat outputs as unverified until you can audit them.

Like a lobster shell, security has layers — review code before you run it.

cryptovk97a9gghjwamw19hd6r4ng6gpd85dptxdatavk97a9gghjwamw19hd6r4ng6gpd85dptxdoramagic-crystalvk97a9gghjwamw19hd6r4ng6gpd85dptxfinancevk97a9gghjwamw19hd6r4ng6gpd85dptxlatestvk97a9gghjwamw19hd6r4ng6gpd85dptxquantvk97a9gghjwamw19hd6r4ng6gpd85dptx
104downloads
0stars
3versions
Updated 5d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
cryptodatadoramagic-crystalfinancelatestquant
Download

Freqtrade 加密回测 (freqtrade-crypto-bot)

使用 Freqtrade 框架加载多交易所 OHLCV 历史数据并进行策略回测分析。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (1 total)

Strategy Analysis Template (UC-101)

Users need a template to load historical market data and analyze trading strategy performance using Freqtrade's configuration and history loading capa Triggers: strategy analysis, backtesting template, historical data loading

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (25 total)

  • AP-ZVT-183: 除权因子为 inf/NaN 时直接参与乘法导致复权静默失败
  • AP-ZVT-179: 第三方数据接口超限后异常被吞噬,数据静默缺失
  • AP-ZVT-183B: HFQ(后复权)与 QFQ(前复权)K 线表使用错误导致因子计算漂移

All 25 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-085. Evidence verify ratio = 43.3% and audit fail total = 1. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md25 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-085 blueprint at 2026-04-22T13:00:34.948027+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...