Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

aml-data-generator

v0.3.0

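Generates synthetic transaction data in AMLSim format, converting transaction logs into simulated datasets for testing anti-money-laundering detection systems; supports splitting accounts by bank ID, merging multi-source outputs, and generating transaction network graphs. Trigger scenarios: (1) the user wants to convert CSV transaction logs into AMLSim simulation data; (2) the user wants to split account CSV files by bank ID; (3) the user wants to merge multiple AMLSim outputs for combined analysis.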

by Tang Weigang (@tangweigang-jpg)
Security Scan

Capability signals: Crypto, Can make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The declared purpose is AMLSim-style synthetic transaction generation and CSV conversion/splitting/merging, but the SKILL.md and human_summary emphasize ZVT trading/backtest flows, MACD locks, and other trading preconditions. Seed metadata and many references appear to come from a broader 'finance' blueprint mixing AML and trading. This mismatch suggests leftover or merged content that is not explained by the skill's stated AML utility.
Instruction Scope
Runtime instructions require running scripts/install.sh and the seed.yaml execution_protocol mandates re-reading seed.yaml and running precondition Python checks that probe the environment (zvt version checks, ZVT_HOME existence, writing a test file). Those preconditions may inspect environment variables and write to the user's ~/.zvt (or other host paths). While not explicitly exfiltrative, the instructions go beyond simple file conversion (they check/modify host state and may install packages).
Install Mechanism
There is no packaged installer, but scripts/install.sh will pip-install many packages without versions (numpy, networkx, matplotlib, pygraphviz, powerlaw, Faker — reasonable) and other packages with unusual names ('MASON', 'JSON in Java', 'WebGraph'). Installing unpinned or oddly named PyPI packages is risky (typosquatting or malicious packages) and pygraphviz often requires system libs. The install is performed from PyPI (no external URL), but the lack of version pins and presence of suspicious package names increases risk.
Credentials
The skill does not request credentials or declared env vars, which is proportional. However seed preconditions access and assert on ZVT_HOME and run Python commands that may install zvt or write a test file to a user directory. Those filesystem and package-install actions are reasonable for a package that depends on ZVT, but they should be clearly justified; here the presence of unrelated ZVT/backtest content makes the justification unclear.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It does include an install script that, if run, will modify the environment (pip installs and may create directories). No evidence it modifies other skills or agent-wide configuration.
What to consider before installing
Do not run the install script or invoke the skill unattended yet. Steps to take before installing or using:

  • Verify intent: ask the author which parts are authoritative (AMLSim-only vs ZVT trading); the SKILL.md mixes both.
  • Inspect seed.yaml and references for any host-path or network endpoints you don't recognize.
  • Do not run scripts/install.sh on your main system. Instead: create an isolated environment (container or fresh virtualenv) and inspect failed/installed package names.
  • Manually review and edit the install script: remove or pin suspicious/unnecessary packages (especially packages with odd names like 'JSON in Java' or other non-Python names) and add explicit versions.
  • Consider running the conversion tools only (scripts that do CSV->AMLSim conversion) rather than executing the full precondition/install flow; request a minimal usage example from the publisher.
  • If you need to run it, run in a disposable VM/container with no sensitive credentials and monitor network and filesystem changes.
  • If the skill came from an unknown source (homepage unknown, owner ID only), prefer to obtain a vetted package or ask the publisher for provenance and a security audit.

Like a lobster shell, security has layers — review code before you run it.

Tags: doramagic-crystal, finance, latest
41 downloads
0 stars
3 versions
Updated 14h ago
v0.3.0
MIT-0

aml-data-generator

I help you build quant strategies on A-share with ZVT — from data fetch to backtest, one flow. Just tell me what you want; I'll write the code, you don't have to dig docs. (Heads up: ZVT natively supports A-share, HK, and crypto. US stocks — stockus_nasdaq_AAPL — are half-baked; don't bother for serious work.)

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (13 total)

Convert Logs to AML Simulation Data (UC-101)

Convert transaction log files into synthetic AML simulation data for testing anti-money laundering detection systems.
Triggers: convert logs, synthetic data, AML simulation

Split Accounts by Bank ID (UC-102)

Partition account CSV files by bank identifier for bank-specific analysis and processing.
Triggers: split accounts, bank ID, partition data

Combine AML Simulation Outputs (UC-103)

Aggregate multiple AMLSim output files into a consolidated dataset for comprehensive analysis.
Triggers: combine outputs, merge data, AMLSim aggregation

For all 13 use cases, see references/USE_CASES.md.

Install

# One-time setup before first use
bash scripts/install.sh

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

| ID | Rule | On Violation |
|----|------|--------------|
| SL-01 | Execute sell orders before buy orders in every trading cycle | halt |
| SL-02 | Trading signals MUST use next-bar execution (no look-ahead) | halt |
| SL-03 | Entity IDs MUST follow format entity_type_exchange_code | halt |
| SL-04 | DataFrame index MUST be MultiIndex (entity_id, timestamp) | halt |
| SL-05 | TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amount | halt |
| SL-06 | filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION | halt |
| SL-07 | Transformer MUST run BEFORE Accumulator in factor pipeline | halt |
| SL-08 | MACD parameters locked: fast=12, slow=26, signal=9 | halt |

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (15 total)

  • AP-REGTECH-001: Missing attribute initialization on data structures
  • AP-REGTECH-002: Self-loops in transaction graphs violate domain rules
  • AP-REGTECH-003: Unvalidated floating-point inputs cause runtime crashes

All 15 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-060. Evidence verify ratio = 15.9% and audit fail total = 22. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

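| File | Contents | When to Load |
|------|----------|--------------|
| references/seed.yaml | V6+ full authoritative source (source-of-truth) | Required reading when behavior or decisions are in dispute |
| references/ANTI_PATTERNS.md | 15 cross-project anti-patterns | Before starting implementation |
| references/WISDOM.md | Cross-project highlights | When drawing on architecture decisions |
| references/CONSTRAINTS.md | domain + fatal constraints | When rules conflict |
| references/USE_CASES.md | All KUC-* business scenarios | When complete examples are needed |
| references/LOCKS.md | SL-* + preconditions + hints | Before generating backtest/trading code |
| references/COMPONENTS.md | AST component map (split by module) | When looking up APIs |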

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-060 blueprint at 2026-04-22T13:00:18.242568+00:00. See human_summary.md for non-technical overview.
