ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quant Strategy Bundle

v1.0.0

Quantitative trading strategy bundle - Contains multiple verified A-stock quantitative trading strategy frameworks. Includes momentum strategies, reversal st...

0· 128·0 current·0 all-time
by@jason-aka-chen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jason-aka-chen/quant-strategy-bundle-chen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Quant Strategy Bundle" (jason-aka-chen/quant-strategy-bundle-chen) from ClawHub.
Skill page: https://clawhub.ai/jason-aka-chen/quant-strategy-bundle-chen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install quant-strategy-bundle-chen

ClawHub CLI

Package manager switcher

npx clawhub@latest install quant-strategy-bundle-chen
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (quant trading strategies, backtesting, signal generation) match the high-level instructions, but the SKILL.md expects a 'strategy' Python module and a config.json with a Tushare token that are not included and not declared in requirements. The skill therefore does not contain the code it claims to document, which is an incoherence.
!
Instruction Scope
Runtime instructions tell the user/agent to pip install packages and then import from 'strategy' (MomentumStrategy, etc.) and to place a Tushare token in config.json. The skill does not provide that module or an example config, and it does not declare the Tushare token as a required credential. This gives the agent/user broad discretion to install packages and use external tokens without guidance or packaged code.
Install Mechanism
There is no install spec (instruction-only). SKILL.md recommends 'pip install pandas numpy xgboost tushare' which will download code from PyPI — normal for Python projects but worth noting because large packages (xgboost) may require build steps; the skill does not provide a controlled install or pinned versions.
!
Credentials
The instructions require a Tushare token (sensitive API credential) in config.json, but the skill declares no required environment variables or primary credential. Asking for a third‑party API token without declaring it or explaining storage/usage is disproportionate and a transparency gap.
Persistence & Privilege
always is false and there is no install script or persistent modification of agent/system configuration. The skill does not request elevated or persistent privileges.
What to consider before installing
This skill is inconsistent: the README expects a local 'strategy' Python module and a Tushare API token but provides neither and does not declare required credentials. Before installing or running anything: (1) obtain the actual strategy code from a trusted source (the skill package lacks it); (2) do not paste your Tushare token into public places — store it securely and consider using environment variables rather than unchecked config files; (3) prefer installing dependencies into an isolated virtual environment (venv/conda) rather than system-wide; (4) verify the strategy implementation code for unsafe behaviour (network calls, data exfiltration, or executing arbitrary shell commands); (5) if you cannot obtain the missing code or a trustworthy source, avoid running the pip installs or executing unverified scripts. These inconsistencies are plausibly benign poor packaging, but they could hide risk, so proceed with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk970rga0srsd4h7rwtt85d5kad83dqwc
128downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jason-aka-chen
latest
Download

quant-strategy-bundle

Quantitative trading strategy bundle with multiple verified strategy frameworks.

Included Strategies

1. Momentum Strategy

  • Principle: Buy stocks that have risen in the past
  • Holding period: 5-20 days
  • Best for: Bull markets

2. Reversal Strategy

  • Principle: Buy stocks that have fallen in the past
  • Holding period: 3-10 days
  • Best for: Range-bound markets

3. Trend Strategy

  • Principle: Follow the trend, buy high sell higher
  • Holding period: 10-30 days
  • Best for: Strong trending markets

Usage

Install Dependencies

pip install pandas numpy xgboost tushare

Basic Usage

from strategy import MomentumStrategy, ReversalStrategy, TrendStrategy

# Initialize strategy
strategy = MomentumStrategy()

# Generate signals
signals = strategy.generate_signals(stock_pool, factors)

# Backtest
result = strategy.backtest(signals, prices)

Configuration

Configure in config.json:

  • Tushare token
  • Stock pool
  • Factor parameters
  • Trading parameters

Changelog

v1.0.0 - Initial release

Comments

Loading comments...