ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Climate Esg Investing

v0.3.3

使用Fama-French因子模型进行气候ESG投资分析,支持月度股价数据下载、因子相关性计算、OLS回归诊断及显著性筛选,帮助用户构建因子组合和风险评估。

0· 58·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/climate-esg-investing.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Climate Esg Investing" (tangweigang-jpg/climate-esg-investing) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/climate-esg-investing
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/climate-esg-investing

ClawHub CLI

Package manager switcher

npx clawhub@latest install climate-esg-investing
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Fama‑French ESG analysis, data fetch, regression/backtest) aligns with the SKILL.md content and many use-cases. However, SKILL.md requires Python 3.12+, ZVT library, ZVT_HOME, and database access (Postgres) in its preconditions and components, but the registry metadata lists no required binaries, env vars, or credentials — an inconsistency indicating undeclared dependencies.
!
Instruction Scope
Runtime instructions (and seed.yaml) instruct the agent to re-read seed.yaml, run Python precondition checks that import zvt and touch ZVT_HOME, initialize databases, and execute pipeline steps. Those steps access local filesystem (touching ~/.zvt or ZVT_HOME), import local/third-party Python packages, and may attempt DB operations. While relevant to a backtest pipeline, these actions are not explicitly declared and grant the agent broad discretion to run Python commands and interact with local files/DBs.
Install Mechanism
This is instruction-only (no install spec, no downloads, no code files to execute). That lowers install-time risk. Note seed.yaml contains an 'install_trigger' execution protocol, but no concrete install_recipes are present in the package/registry — another mismatch to be aware of.
!
Credentials
The skill references environment state (ZVT_HOME), Python packages (zvt, possibly psycopg2), and external data providers (eastmoney, joinquant, yfinance) but declares no required env vars, credentials, or primary credential. Database credentials and provider API keys (joinquant, qmt) are expected by the pipeline but are not declared — this under-declaration makes it unclear what secrets the skill will need or attempt to access.
Persistence & Privilege
always is false and the skill does not request permission to persistently modify other skills or global agent settings. It does instruct write access checks (touching ZVT_HOME) but that is scoped to its own data directories per the preconditions; no evidence it tries to change other skills' configs.
What to consider before installing
This skill appears to be a legitimate Fama‑French ESG analysis pipeline, but it omits declaring the runtime dependencies and credentials it actually expects. Before installing or running it: 1) Confirm you trust the source (homepage/source unknown). 2) Expect to need Python 3.12+, the 'zvt' ecosystem, and a writable ZVT_HOME (~/.zvt) — the skill's preconditions will attempt to import zvt and touch that directory. 3) Plan for database access (Postgres) and provider API credentials (joinquant/qmt) if you will use those data sources; do not put those secrets into an environment the skill hasn't declared. 4) Run in an isolated environment or sandbox first (container/VM) so the skill's Python checks and potential DB initializations cannot affect your primary system. 5) If you want to proceed, ask the author to (a) publish an install spec and explicit required env vars/credentials, (b) remove or document any filesystem writes, and (c) clarify whether the agent will run arbitrary python commands locally or only provide code snippets for the user to run.

Like a lobster shell, security has layers — review code before you run it.

datavk9737gq1xqtb83d2mqysb5kpzs85dtcedoramagic-crystalvk9737gq1xqtb83d2mqysb5kpzs85dtcefinancevk9737gq1xqtb83d2mqysb5kpzs85dtcelatestvk9737gq1xqtb83d2mqysb5kpzs85dtceportfoliovk9737gq1xqtb83d2mqysb5kpzs85dtceriskvk9737gq1xqtb83d2mqysb5kpzs85dtce
58downloads
0stars
4versions
Updated 3d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
datadoramagic-crystalfinancelatestportfoliorisk
Download

ESG 气候投资 (climate-esg-investing)

使用Fama-French因子模型进行气候ESG投资分析,支持月度股价数据下载、因子相关性计算、OLS回归诊断及显著性筛选,帮助用户构建因子组合和风险评估。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (9 total)

Sector Stock Count and Significant Factor Regression Analyzer (UC-101)

Identifies how many stocks from an index fall into each sector and screens for stocks with statistically significant factor regression results based o Triggers: sector composition, significant regression, p-value screening

Factor Correlation Calculator (UC-102)

Computes correlations between different factors over time to understand factor relationship dynamics and potential multicollinearity issues Triggers: factor correlation, correlation matrix, factor relationships

OLS Regression with Diagnostic Statistics (UC-103)

Performs ordinary least squares regression on factor data with comprehensive diagnostic tests including Durbin-Watson, Jarque-Bera, and Breusch-Pagan Triggers: OLS regression, diagnostic tests, statistical tests

For all 9 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-MACRO-DATA-001: SEC EDGAR Rate Limit Violation
  • AP-MACRO-DATA-002: Temporal Knowledge Graph Look-Ahead Bias
  • AP-MACRO-DATA-003: Technical Indicator Look-Ahead Bias via Missing Shift

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-105. Evidence verify ratio = 3.3% and audit fail total = 20. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-105 blueprint at 2026-04-22T13:00:49.775031+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...