Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fund Trading Clawhub

v1.0.2

Live fund-trading tool supporting account management, fund queries, subscription/redemption, and asset queries

by weiqt@weitom0902

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for weitom0902/fund-trading.

Prompt Preview: Install & Setup
Install the skill "Fund Trading Clawhub" (weitom0902/fund-trading) from ClawHub.
Skill page: https://clawhub.ai/weitom0902/fund-trading
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install fund-trading

ClawHub CLI


npx clawhub@latest install fund-trading
Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The name and description (fund trading, account management, fund queries, subscribe/redeem) align with the provided Python CLI, which implements register, token fetch, list/detail, subscribe/redeem, position, orders, etc. Requiring python3 is appropriate. However, the SKILL metadata declares OPENAPI_URL as the primary credential/endpoint, while the script defines a hardcoded API_ENDPOINT (http://127.0.0.1:8080/openApi) and does not obviously use the declared OPENAPI_URL; this mismatch is unexpected.

Instruction Scope

SKILL.md instructs use of an API service (default OPENAPI_URL = https://openapi.nicaifu.com/openApi) and describes secure behavior (OAuth plus token caching/encryption). The visible script calls APIs and persists account credentials/tokens to ~/.config/opencode/skills/fund-trading/data/config.json. The changelog/README claim local token encryption, but the shown save_config uses json.dump (plain JSON) with no encryption. That is a contradiction: the skill promises encrypted local storage but appears to store secrets in plaintext.

Install Mechanism

No install spec (instruction-only skill); it only requires python3. A single Python script is provided, and there are no remote downloads or extract/install steps in the bundle, so the install mechanics are low risk.

Credentials

The package metadata and SKILL.md declare OPENAPI_URL as the primaryEnv and show it in the environment table, but the code (as shown) hardcodes API_ENDPOINT and does not appear to read OPENAPI_URL from the environment. The required env vars list is also empty despite primaryEnv being declared; that inconsistency is suspicious. The script stores client_id/client_secret and access tokens locally. These secrets are required for the skill's purpose, but the misrepresented storage/encryption reduces proportionality and trust.

Persistence & Privilege

The skill persists account credentials and access tokens to a config file under the user's home directory (~/.config/opencode/skills/fund-trading/data/config.json). Persisting tokens and client secrets locally is expected for this functionality, but the repository's own documentation claims encrypted token storage while the code writes plaintext JSON. This persistence combined with the misrepresentation is a notable risk. The skill is not always: true and does not request system-wide privileges.

What to consider before installing

This skill appears to implement the advertised fund-trading CLI, but there are multiple inconsistencies you should resolve before trusting it with real credentials:

  1. Confirm whether the script actually uses the OPENAPI_URL environment variable (SKILL.md claims it is primary) or whether it defaults to a local API_ENDPOINT (127.0.0.1); if the code defaults to localhost you may be directed to an unexpected backend.
  2. The README/changelog claim tokens are stored encrypted, but the shown save_config writes plain JSON; assume client_id/client_secret and access tokens are stored in plaintext unless the author proves otherwise.
  3. Ask the author for the full, untruncated script and evidence of OPENAPI_URL usage and encryption, or inspect the full script yourself.
  4. If you install, do so in an isolated environment and avoid putting production/real credentials into the skill until you confirm storage/encryption and endpoint behavior.
  5. Prefer installing only from the published upstream repository URL (verify the GitHub repo identity) and validate the package on PyPI/npm before use.


Runtime requirements

Bins: python3
Primary env: OPENAPI_URL
Latest: vk97fq202jk5qvfwn4sw7113ww18447fy
84 downloads
0 stars
2 versions
Updated 3w ago
v1.0.2
MIT-0

Fund Trading - Live Fund Trading

A live fund-trading tool supporting account management, fund queries, recommended funds, subscription, redemption, order cancellation, asset queries, and trade queries.

⚠️ Important notice

Real fund NAVs, virtual-money trading

  • 📊 Fund NAVs and market data - from the real market, updated in real time
  • 💰 Trading funds - virtual simulated money, for learning and testing only
  • 🎯 Use cases - investment learning, strategy testing, simulated trading

✨ Features

  • 📝 Account management - register, switch, and view accounts
  • 📊 Fund queries - list, details, recommended funds
  • 💰 Trading operations - subscribe, redeem, cancel
  • 📈 Asset queries - positions, returns, trade records
  • 🔐 OAuth 2.0 - secure authentication, automatic token refresh

📦 Installation

Python (PyPI)

pip install fund-trading-skill

TypeScript (npm)

npm install -g fund-trading-skill

🚀 Quick start

Register an account

fund-trading register --username 我的账户

Query positions

fund-trading position

Sample output:

┌──────────────────────────────────────────────────┐
│                   💰 资产概览                      │
├──────────────────────────────────────────────────┤
│  总资产: 10000.00元                               │
│  总收益: 📈 +200.00元 (+2.00%)                    │
└──────────────────────────────────────────────────┘

Subscribe to a fund

fund-trading subscribe --fund-code 000001 --amount 1000

📋 Command reference

Command                                                        Description
fund-trading register --username <name>                        Register a new account
fund-trading account --list                                    List accounts
fund-trading account --switch <id>                             Switch account
fund-trading list                                              List funds
fund-trading detail --fund-code <code>                         Show fund details
fund-trading recommend                                         Get recommended funds
fund-trading position                                          Query positions
fund-trading orders                                            Query trade records
fund-trading subscribe --fund-code <code> --amount <amount>    Subscribe to a fund
fund-trading redeem --fund-code <code> --shares <shares>       Redeem a fund
fund-trading cancel --trade-id <order-id>                      Cancel an order
fund-trading refresh-token                                     Refresh the token

🔧 Configuration

Config file location: ~/.config/opencode/skills/fund-trading/data/config.json

Environment variables

Variable       Description           Default
OPENAPI_URL    API service address   https://openapi.nicaifu.com/openApi

🔐 Authentication

Uses the OAuth 2.0 Client Credentials flow:

  1. Call /openapi/v1/oauth/token to obtain a JWT token
  2. Call the business APIs with Authorization: Bearer {token}
  3. The token is cached automatically and refreshed 5 minutes before it expires
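The three-step flow above as an added example (not the skill's own script): a client-credentials token cache that resolves its endpoint from OPENAPI_URL with the documented default instead of a hardcoded address, posts to /openapi/v1/oauth/token, and refreshes the cached JWT 5 minutes before expiry. The form-body fields, the access_token/expires_in reply shape, and appending the path to the base URL are assumptions; the transport and clock are injectable so the refresh logic can be exercised offline.

```python
import json
import os
import time
from urllib import parse, request

# Documented default from the README; OPENAPI_URL in the environment takes precedence.
DEFAULT_OPENAPI_URL = "https://openapi.nicaifu.com/openApi"
TOKEN_PATH = "/openapi/v1/oauth/token"  # from the README's endpoint table
REFRESH_MARGIN = 5 * 60                 # README: refresh 5 minutes before expiry

def resolve_base_url(env=os.environ):
    """Endpoint comes from OPENAPI_URL, never from a hardcoded address."""
    return env.get("OPENAPI_URL", DEFAULT_OPENAPI_URL).rstrip("/")

def http_transport(url, form):
    """POST a form body and decode the JSON reply (standard OAuth2 shape; assumption)."""
    data = parse.urlencode(form).encode()
    with request.urlopen(request.Request(url, data=data, method="POST")) as resp:
        return json.load(resp)

class TokenClient:
    """Caches a client-credentials token and refreshes it REFRESH_MARGIN early.
    transport and clock are injectable so the logic can be exercised offline."""

    def __init__(self, client_id, client_secret, transport=http_transport,
                 clock=time.time, base_url=None):
        self.base_url = base_url.rstrip("/") if base_url else resolve_base_url()
        self.client_id, self.client_secret = client_id, client_secret
        self.transport, self.clock = transport, clock
        self._token, self._expires_at, self.fetches = None, 0.0, 0

    def needs_refresh(self):
        return self._token is None or self.clock() >= self._expires_at - REFRESH_MARGIN

    def token(self):
        if self.needs_refresh():
            reply = self.transport(self.base_url + TOKEN_PATH, {
                "grant_type": "client_credentials",  # body shape is an assumption
                "client_id": self.client_id,
                "client_secret": self.client_secret,
            })
            self._token = reply["access_token"]
            self._expires_at = self.clock() + float(reply["expires_in"])
            self.fetches += 1
        return self._token

    def auth_header(self):
        """Header for the business APIs: Authorization: Bearer {token}."""
        return {"Authorization": "Bearer " + self.token()}
```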

📡 API endpoints

Function        Path                                  Method
Token           /openapi/v1/oauth/token               POST
Register        /openapi/v1/channel/register          POST
Fund list       /openapi/v1/shipan/fund/list          GET
Fund details    /openapi/v1/shipan/fund/detail        GET
Position query  /openapi/v1/shipan/asset/query        POST
Trade query     /openapi/v1/shipan/trade/query        POST
Subscribe       /openapi/v1/shipan/trade/subscribe    POST
Redeem          /openapi/v1/shipan/trade/redeem       POST
Cancel          /openapi/v1/shipan/trade/cancel       POST

📚 Related links

📄 License

MIT License

👤 Author

weiqitong (weiqitong@nicaifu.com)
