ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reactive Pricing Engine

v0.3.3

基于OTC衍生品组合的XVA估值与风险指标计算,支持CVA/DVA/FVA度量及敞口曲线生成;提供SIMM保证金敏感性分析,兼容多定价引擎配置。

0· 94·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/reactive-pricing-engine.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Reactive Pricing Engine" (tangweigang-jpg/reactive-pricing-engine) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/reactive-pricing-engine
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install reactive-pricing-engine

ClawHub CLI

Package manager switcher

npx clawhub@latest install reactive-pricing-engine
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md and the included files describe a full-featured XVA/pricing pipeline that expects Python 3.12+, the 'uv' package manager, and the zvt ecosystem (recorders, data providers). The registry metadata, however, lists no required binaries, no required env vars, and no install spec. That mismatch is incoherent: a quant/pricing engine legitimately needs Python and packages (and often credentials for paid data providers), so the skill's declared surface does not match what it actually requires.
!
Instruction Scope
The runtime instructions and seed.yaml instruct the agent to re-load seed.yaml, run precondition checks (e.g., python3 -c 'import zvt' and running zvt recorders), run precondition installation flows, and execute data recorders that fetch market data. These steps access local paths (ZVT_HOME), may run pip/install commands, and will trigger network activity to data providers. The skill does not declare these actions or the credentials they may need, and the instructions give broad discretion to run install/recorder commands—scope is broader than the registry indicates.
!
Install Mechanism
No install spec is present in the registry, but seed.yaml's execution_protocol explicitly requires executing resources.host_adapter.install_recipes[] and 'Verify each package with import check before proceeding'. That implies dynamic installs or host-side recipes will run, yet nothing is declared. This mismatch increases risk because host-side installation behavior is unspecified and could download/install packages at runtime.
!
Credentials
The skill references external data providers (eastmoney, joinquant, akshare, qmt) and commands that will access the filesystem and ZVT_HOME, but the registry declares no required environment variables or credentials. Paid providers (e.g., joinquant) typically require API keys/accounts. The absence of declared env vars or a primary credential is disproportionate to the described capabilities and hides what secrets the skill will need or attempt to use.
Persistence & Privilege
always:false and model invocation are normal. The skill does not request forced always-on presence. However seed.yaml prescribes a multi-step execution protocol (reloading seed.yaml before decisions, running host install recipes) which gives the skill substantial operational control when executed: it expects the host to run install recipes and preconditions. This is not an 'always:true' privilege, but it does give the skill a non-trivial runtime footprint on the host if allowed to execute installs.
What to consider before installing
Do not enable this skill for autonomous runs yet. Key things to check before installing or running it: 1) Ask the publisher for the missing install spec and a clear dependency list (Python version, pip/uv packages, exact pip/conda packages) and a LICENSE.txt—the SKILL.md mentions these but the registry lacks them. 2) Confirm which external data providers will be used and what credentials are needed; never supply API keys until you understand minimal required scopes. 3) Review seed.yaml / host_adapter.install_recipes to see any install URLs or host-side scripts the skill will run; if those download archives or run arbitrary installers, treat as high risk. 4) Run first in an isolated/sandbox environment (VM/container) and with network access restricted, or only after code review. 5) If you need the functionality but want lower risk, request a pared-down instruction-only version that lists exact dependencies (no implicit host install recipes) or provide a vetted Docker image that contains the runtime. If you cannot obtain those assurances, consider this skill suspicious and avoid exposing credentials or allowing automatic installs.

Like a lobster shell, security has layers — review code before you run it.

creditvk974bq0ebh2y7gwjd7749nh1ps85dfnfderivativesvk974bq0ebh2y7gwjd7749nh1ps85dfnfdoramagic-crystalvk974bq0ebh2y7gwjd7749nh1ps85dfnffinancevk974bq0ebh2y7gwjd7749nh1ps85dfnflatestvk974bq0ebh2y7gwjd7749nh1ps85dfnfportfoliovk974bq0ebh2y7gwjd7749nh1ps85dfnfriskvk974bq0ebh2y7gwjd7749nh1ps85dfnf
94downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
creditderivativesdoramagic-crystalfinancelatestportfoliorisk
Download

XVA 定价引擎 (reactive-pricing-engine)

基于OTC衍生品组合的XVA估值与风险指标计算,支持CVA/DVA/FVA度量及敞口曲线生成;提供SIMM保证金敏感性分析,兼容多定价引擎配置。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (19 total)

Dynamic SIMM Exposure Analysis (UC-101)

Analyzes collateralized vs uncollateralized counterparty exposure dynamics for risk management and margin calculations Triggers: initial margin, SIMM, collateral

XVA Valuation and Sensitivity Reporting (UC-102)

Computes and visualizes XVA metrics including CVA, DVA, FVA, and exposure profiles for OTC derivatives portfolio Triggers: XVA, CVA, FVA

Portfolio NPV Cashflow and Curve Reporting (UC-106)

Generates comprehensive portfolio reports including NPV, cashflows, and yield curves for trade valuation Triggers: NPV, cashflow, curves

For all 19 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-104. Evidence verify ratio = 38.9% and audit fail total = 7. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md0 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-104 blueprint at 2026-04-22T13:00:49.125318+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...