Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

trading-monitor

v1.2.0

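Scheduled-task management for intraday stock monitoring. Creates, configures and manages automated analysis tasks during A-share trading hours, including scheduled market-quote broadcasts, in-depth analysis, and a final pre-close analysis. Use cases: setting up monitoring, adjusting the analysis frequency, viewing task status, stopping/starting tasks. Trigger words: 盯盘 (watch the market), 设置分析 (set up analysis), 开盘监控 (market-open monitoring), 调整频率 (adjust frequency), 盯盘任务 (monitoring task).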

by changle @cle87937-code

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cle87937-code/trading-monitor.

Install the skill "trading-monitor" (cle87937-code/trading-monitor) from ClawHub.
Skill page: https://clawhub.ai/cle87937-code/trading-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install trading-monitor

ClawHub CLI


npx clawhub@latest install trading-monitor

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Skill claims to manage scheduled A-share analysis tasks which fits the openclaw cron usage shown, but the SKILL.md repeatedly references local scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included in the package or install spec. The skill also refers to pushing results to channels (feishu) and target IDs yet does not declare or request any channel/API credentials. Requesting or assuming access to messaging channels without declaring how credentials are provided is inconsistent with the stated purpose.
Instruction Scope
Instructions tell the agent/user to run PowerShell deployment and management scripts and to change a gateway-wide setting (`openclaw config set tools.exec.security full`). Asking operators to relax exec allowlist is a scope-expanding action that affects platform security. The messages passed into cron tasks instruct the agent to fetch news, query holdings, analyze markets and send reports — which is within purpose — but because the scripts that implement these steps are absent, it's unclear what code will actually run when the user follows these steps.
Install Mechanism
There is no install spec and no included executable scripts. The SKILL.md expects local scripts under scripts\ but those files are not present in the manifest. That gap means users must obtain scripts from an unspecified external source before deployment — a risky, untracked step.
Credentials
The skill references notification channels (feishu) and target IDs which normally require API tokens or integration credentials, but requires.env and primary credential are empty. That mismatch suggests the skill will need secrets/configuration that are not declared. Additionally, the guidance to set exec security to 'full' broadens what cron tasks can execute and may enable actions beyond the stated monitoring purpose.
Persistence & Privilege
The skill is not always: true, but it instructs creating recurring cron jobs in the platform and explicitly recommends changing gateway exec security; combined, these create persistent automated tasks that can execute system commands. The skill does not modify other skills, but asking operators to relax a global security policy is a noteworthy privilege escalation risk.
What to consider before installing
This skill's goal (automated intraday stock analysis) is reasonable, but there are gaps and risky suggestions you should resolve before installing. Specifically:

  1) The SKILL.md references deployment and management scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included — ask the publisher where these come from and inspect them before running.
  2) The skill suggests changing the gateway exec policy to 'full' — avoid relaxing global exec allowlists unless you have audited the scripts and understand the implications.
  3) The skill expects to push messages to channels like Feishu but does not declare required API tokens or how secrets are stored; confirm which credentials are needed and grant the minimum scope.
  4) Treat any one‑click deployment script obtained from an external source as untrusted until reviewed; run in a sandbox or staging environment first.

If you cannot obtain the missing scripts or a trustworthy source, do not enable the cron tasks or change exec security.

Like a lobster shell, security has layers — review code before you run it.

Tags: a-stock, cron, latest, monitor, trading
116 downloads
0 stars
2 versions
Updated 1mo ago
v1.2.0
MIT-0

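Intraday Stock Monitoring System

Automates scheduled analysis tasks during A-share trading hours, driven by the OpenClaw Cron system.

Quick Start

One-click deployment (recommended)

Run the deployment script and enter the parameters when prompted: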

powershell -ExecutionPolicy Bypass -File scripts\setup.ps1 -Channel feishu -Target "ou_你的ID"

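Advanced parameters:

# In-depth analysis + pre-market preparation
.\scripts\setup.ps1 -Channel feishu -Target "ou_xxx" -AnalysisDepth full -IncludePreMarket

# High-frequency monitoring every 5 minutes
.\scripts\setup.ps1 -Channel feishu -Target "ou_xxx" -Interval 5

# Low-frequency monitoring (saves tokens)
.\scripts\setup.ps1 -Channel feishu -Target "ou_xxx" -Interval 30 -AnalysisDepth basic

Managing tasks

# View the status of all tasks
powershell -ExecutionPolicy Bypass -File scripts\manage.ps1 list

# View the system configuration
.\scripts\manage.ps1 status

# Trigger a test run manually
.\scripts\manage.ps1 test

# Stop all tasks
.\scripts\manage.ps1 stop

Manual creation

Refer to "Task types" below and to references\config-guide.md, and create the tasks manually with the openclaw cron create command.

Task types

1. Scheduled intraday analysis (every N minutes)

During trading hours, automatically analyzes holdings, the broad market and the news every N minutes and gives trading suggestions.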

openclaw cron create --name "盘中盯盘" --cron "*/15 9-15 * * 1-5" --tz "Asia/Shanghai" --session isolated --wake now --message "你是水水琪,独立操盘手。执行:1.查询持仓股票行情 2.查询大盘指数 3.搜索今日A股重要新闻 4.分析板块轮动和主线 5.评估持仓并给出操作建议 6.发送报告给方休(股票带代码)" --timeout-seconds 300 --announce --channel <频道> --to <目标ID>

2. Final pre-close analysis (14:53)

Triggers 4 minutes before the closing call auction, leaving time to act.

openclaw cron create --name "收盘前分析" --cron "53 14 * * 1-5" --tz "Asia/Shanghai" --session isolated --wake now --message "最终分析:1.查询持仓最终行情 2.大盘收盘预判 3.评估集合竞价操作 4.给出明确指令(买/卖/不动)5.发送报告" --timeout-seconds 300 --announce --channel <频道> --to <目标ID>

3. Pre-market preparation (8:30)

Stock-selection analysis before the market opens each day.

openclaw cron create --name "开盘前分析" --cron "30 8 * * 1-5" --tz "Asia/Shanghai" --session isolated --wake now --message "开盘前分析:1.搜索overnight重要新闻 2.检查持仓状态 3.预判今日主线 4.制定操作计划 5.发送报告" --timeout-seconds 300 --announce --channel <频道> --to <目标ID>

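Management commands

# List all tasks
openclaw cron list

# Disable a task (fuzzy match by name)
openclaw cron list --json | findstr "任务名"

# Delete a task
openclaw cron delete <任务ID>

# Trigger a test run manually
openclaw cron trigger <任务ID>

Configuration parameters

Parameter          Description            Default
--cron             Cron expression        */15 9-15 * * 1-5
--channel          Push channel           feishu
--to               Push target ID         required
--timeout-seconds  Timeout                300
--session          Session mode           isolated
--message          Analysis instructions  see the templates above

Common frequencies

  • */5 9-15 * * 1-5 — every 5 minutes (high-frequency monitoring)
  • */15 9-15 * * 1-5 — every 15 minutes (recommended)
  • */30 9-15 * * 1-5 — every 30 minutes (low frequency)
  • 0 9,10,11,13,14 * * 1-5 — every hour, on the hour
  • 53 14 * * 1-5 — daily at 14:53 (before the close)

Notes

  • In the cron expression, 1-5 means Monday to Friday; weekends are skipped automatically
  • --session isolated runs each analysis in its own session, so it does not pollute the main conversation
  • --announce ensures the analysis results are pushed to the specified channel
  • A timeout of 300 seconds is recommended (the analysis needs to call several tools)
  • The pre-close analysis is set to 14:53, leaving 4 minutes of decision time before the call auction (14:57-15:00)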

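FAQ

Task fails with "exec denied: allowlist miss"

Cause: tools.exec.security is set to allowlist and paths is empty.
Fix: run openclaw config set tools.exec.security full, then restart the gateway.

Task fails but exec works normally

Check whether the task timed out (the default of 30 seconds is too short); use --timeout-seconds 300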
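
Three of the scan findings above can be checked mechanically before install: the SKILL.md references scripts the package does not ship, tells the operator to set `tools.exec.security full`, and names a push channel without declared credentials. The Python script below is an added example, not part of the skill or of ClawHub's scanner. The sample text, the file listing and the env list are constructed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on commands in the SKILL.md above (not the full file).
SKILL_MD = r'''
powershell -ExecutionPolicy Bypass -File scripts\setup.ps1 -Channel feishu -Target "ou_xxx"
.\scripts\manage.ps1 status
See references\config-guide.md
openclaw config set tools.exec.security full
'''
# Constructed package listing and declared env vars (assumptions for this example).
MANIFEST = ["SKILL.md", "references/config-guide.md"]
DECLARED_ENV = []  # mirrors the empty requires.env noted in the scan

# Relative paths to script/doc files, with either slash style and optional ".\" prefix.
PATH_RE = re.compile(
    r'(?<![\w/\\])(?:\.[\\/])?((?:[\w\-]+[\\/])+[\w\-]+\.(?:ps1|bat|cmd|sh|py|js|md))\b')
# -Channel / --channel arguments naming a push channel.
CHANNEL_RE = re.compile(r'-{1,2}channel\s+(\w+)', re.I)
# Instructions that relax an execution policy rather than perform the skill's task.
POLICY_RULES = {
    "gateway exec security set to full": re.compile(r'tools\.exec\.security\s+full'),
    "PowerShell execution policy bypassed": re.compile(r'-ExecutionPolicy\s+Bypass', re.I),
}

def audit(skill_md, manifest, declared_env):
    """Return a list of findings for one skill package; empty means nothing flagged."""
    shipped = {p.replace("\\", "/").lower() for p in manifest}
    refs = sorted({m.replace("\\", "/") for m in PATH_RE.findall(skill_md)})
    findings = [f"missing file: {r}" for r in refs if r.lower() not in shipped]
    for label, rule in POLICY_RULES.items():
        findings += [f"{label}: {line.strip()}"
                     for line in skill_md.splitlines() if rule.search(line)]
    channels = sorted({c.lower() for c in CHANNEL_RE.findall(skill_md)})
    if channels and not declared_env:
        findings.append("no credentials declared for channel(s): " + ", ".join(channels))
    return findings

if __name__ == "__main__":
    for finding in audit(SKILL_MD, MANIFEST, DECLARED_ENV):
        print(finding)
```

A finding of the "missing file" kind means the instructions cannot be followed with the package contents alone, which is the gap the Install Mechanism section describes.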
