ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openbb Terminal

v0.3.3

获取全球股票、加密货币、外汇、大宗商品等多市场实时行情与历史数据,提供技术指标计算、宏观经济数据追踪与资产比率分析功能。。

0· 100·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/openbb-terminal.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openbb Terminal" (tangweigang-jpg/openbb-terminal) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/openbb-terminal
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openbb-terminal

ClawHub CLI

Package manager switcher

npx clawhub@latest install openbb-terminal
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (OpenBB-style financial terminal: data collection, backtest, indicators) is coherent with the SKILL.md content and included use-cases. However, SKILL.md metadata says it requires Python 3.12+ and the uv package manager, yet the registry metadata declares no required binaries or installs — an implementation/metadata mismatch that should be clarified.
!
Instruction Scope
Although instruction-only (no code), the SKILL.md and seed.yaml instruct the agent to reload seed.yaml, run precondition python commands (import zvt, run zvt.recorders), check/create ~/.zvt, and verify package imports. Those are file-system and command executions beyond simple read-only queries: they may create files, run arbitrary Python code on the host, and depend on local packages. The registry did not declare these actions, so runtime behavior could be broader than expected.
Install Mechanism
There is no install spec (instruction-only), which reduces direct install risk. Still, the seed.yaml 'execution_protocol' refers to running install_recipes and verifying imports at runtime — but no install recipes are provided in the manifest. This mismatch means the skill expects host-side installation steps that are not declared here.
!
Credentials
Registry lists no required env vars or config paths, but SKILL.md/LOCKS reference ZVT_HOME and preconditions check ~/.zvt and python imports. The human_summary and use-cases mention external data providers (eastmoney, joinquant, akshare, qmt) that may require API tokens. The skill may prompt for or rely on credentials at runtime even though none are declared — a proportionality and disclosure gap.
Persistence & Privilege
The skill does not request 'always: true' and does not declare persistent privileges. However, its runtime instructions include writing a test file to ZVT_HOME and executing python commands which would modify host state. Autonomous invocation is permitted (platform default) — combined with the other mismatches this increases the need for caution, but persistence/privilege flags themselves are not elevated.
What to consider before installing
This skill appears to be a coherent financial terminal, but the manifest omits runtime requirements that the SKILL.md expects (Python 3.12+, 'uv' package manager, zvt, and ~/.zvt checks). Before installing or invoking it: 1) Confirm with the publisher what exact host requirements and install steps are needed. 2) Do not provide secrets (API keys, broker tokens) until you verify where and how they will be used/stored. 3) Run it first in a sandboxed environment or VM since the skill's instructions will run python commands and may write to ~/.zvt or other host paths. 4) Ask the author to declare required binaries, config paths, and any install recipes in the registry metadata; absence of those declarations is why this is flagged as suspicious. If you need higher confidence, request the original seed.yaml / LICENSE and any install scripts to review before use.

Like a lobster shell, security has layers — review code before you run it.

cryptovk9799ftz99z2jqdta5s9k7nb7985c9z0datavk9799ftz99z2jqdta5s9k7nb7985c9z0doramagic-crystalvk9799ftz99z2jqdta5s9k7nb7985c9z0financevk9799ftz99z2jqdta5s9k7nb7985c9z0latestvk9799ftz99z2jqdta5s9k7nb7985c9z0
100downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
cryptodatadoramagic-crystalfinancelatest
Download

OpenBB 金融终端 (openbb-terminal)

获取全球股票、加密货币、外汇、大宗商品等多市场实时行情与历史数据,提供技术指标计算、宏观经济数据追踪与资产比率分析功能。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (19 total)

Momentum Trading Strategy Backtesting (UC-101)

Tests a dual moving average crossover strategy to identify optimal buy/sell signals for multiple stocks based on short-term vs long-term momentum Triggers: momentum trading, moving average crossover, backtesting

Ethereum Trend Analysis (UC-102)

Analyzes Ethereum price trends using technical indicators (moving averages, volatility) to identify patterns and trading opportunities in crypto marke Triggers: Ethereum analysis, crypto trend, moving averages

Copper to Gold Ratio Analysis (UC-103)

Tracks the copper/gold ratio over time and correlates it with US Treasury yields to identify economic cycle indicators Triggers: commodity ratio, copper gold ratio, treasury yields

For all 19 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-DATA-SOURCING-001: Missing or invalid User-Agent headers for SEC API requests
  • AP-DATA-SOURCING-002: Ignoring external API rate limits causing IP blocking
  • AP-DATA-SOURCING-003: No HTTP timeout configuration causing indefinite hangs

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-097. Evidence verify ratio = 32.0% and audit fail total = 65. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-097 blueprint at 2026-04-22T13:00:43.142714+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...