Tigerbrokers
v1.0.1Tiger Brokers OpenAPI Python SDK — complete skills for AI coding tools. Covers SDK setup, market data queries, stock/futures/options trading, real-time push...
⭐ 0· 109·0 current·0 all-time
by@hotea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required env vars (TIGEROPEN_TIGER_ID, TIGEROPEN_PRIVATE_KEY, TIGEROPEN_ACCOUNT), and required binaries (python, pip) align with a Python SDK for Tiger Brokers. Declared primary credential (TIGEROPEN_TIGER_ID) and config-file/env-var authentication methods are expected for this purpose.
Instruction Scope
SKILL.md and reference files are detailed and stay within trading/market-data scope (SDK install, auth, quote/trade/push examples, CLI and MCP integration). The skill repeatedly instructs use of private keys and account IDs (appropriate for trading). It also gives operational instructions that can perform live trades — but explicitly instructs to default to paper trading and to confirm before live orders. One operational note: references include instructing users to run external install commands (curl | sh for uv installer) and to export private keys into environment variables or config files; these are legitimate for the MCP/CLI setup but carry operational risk if misused.
Install Mechanism
There is no formal install spec for the skill bundle (instruction-only). The docs recommend 'pip install tigeropen' (expected). The references also advise installing 'uv' via an external script fetched from https://astral.sh/uv/install.sh (curl ... | sh) and using 'uvx tigermcp' — recommending execution of a remote installer script is common for some CLI tools but is higher-risk than installing from a curated package manager. That risk is in the documentation/installation step, not hidden in code in the skill bundle.
Credentials
All required environment variables are directly relevant to Tiger Brokers API access (tiger id, private key, account). Optional/alternate env vars mentioned (props path, secret_key, token) are justified for institutional or TBHK use. No unrelated credentials or broad system secrets are requested.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It is user-invocable and may be auto-activated by keywords (documented), which is reasonable for a domain-specific skill. There is no instruction to modify other skills or global agent settings.
Assessment
This skill appears coherent for integrating the Tiger Brokers Python SDK: the requested env vars and commands match the stated purpose. Pay attention to two practical safety points before installing/using: (1) the SDK and MCP instructions tell you to store and use your private key and account credentials — treat these like sensitive secrets and prefer a read-only/paper account for initial testing, and (2) the docs recommend running an external install script (curl | sh) to install 'uv'; executing remote install scripts has risk — prefer installing via your package manager or inspecting the installer before running it. Finally, always confirm live-trade actions explicitly and consider using the recommended read-only / paper modes until you trust the setup.Like a lobster shell, security has layers — review code before you run it.
latestvk97fg3nt27vv37myfn3b621kpn84d6a3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspip, python
EnvTIGEROPEN_TIGER_ID, TIGEROPEN_PRIVATE_KEY, TIGEROPEN_ACCOUNT
Primary envTIGEROPEN_TIGER_ID