ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Credit Lgd Model

v0.3.3

构建并训练 LGD(违约损失率)机器学习模型,支持基于历史违约数据的信用风险量化评估与预测。

0· 64·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/credit-lgd-model.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Credit Lgd Model" (tangweigang-jpg/credit-lgd-model) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/credit-lgd-model
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/credit-lgd-model

ClawHub CLI

Package manager switcher

npx clawhub@latest install credit-lgd-model
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description state 'LGD (违约损失率) machine learning model' for credit risk, but SKILL.md, human_summary, seed.yaml and many reference files repeatedly reference ZVT, backtesting, trading pipelines (MACD, trading_execution) and Sphinx documentation. Semantic locks and preconditions include trading rules (execute sell before buy, next-bar execution, MACD param locks) that are unrelated to a pure LGD credit model. This mixed purpose is incoherent: a credit-LGD modelling skill normally would not ask about markets/strategies or enforce trading semantics unless it's intentionally a dual-purpose blueprint.
!
Instruction Scope
Although instruction-only, the SKILL.md and referenced files direct the agent to run precondition checks that execute Python commands (e.g. 'python3 -c "import zvt..."'), to install packages via pip if checks fail, and to create/write files under a ZVT_HOME (~/.zvt). It also instructs the agent to reload seed.yaml before decisions and to follow an execution protocol. These runtime actions access the host filesystem and package manager and go beyond merely describing modelling steps; they also include trading/backtest question prompts. The instructions are not strictly scoped to LGD estimation and give broad discretion to run installs and filesystem touches.
Install Mechanism
There is no formal install spec (lowest static install risk). However, SKILL.md and seed.yaml explicitly instruct running pip installs and zvt initialization as preconditions if checks fail. Those commands would pull packages from external registries at runtime even though no install recipe is declared in the registry metadata — this is an implicit install path the agent may perform.
Credentials
The skill declares no required environment variables or credentials (good). Still, runtime preconditions reference ZVT_HOME and instruct touching files under that directory (~/.zvt) and checking writability. That implies the agent will read/write local configuration directories. No secrets are requested, but the skill expects filesystem access which is proportionally reasonable for a ZVT/backtest setup but unexpected for a pure LGD model.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It is user-invocable and allows model invocation (normal). It does not declare modifications to other skills or system-wide agent settings in the metadata. Seed.yaml indicates the host should reload it during execution, but that is a documentation/execution protocol instruction, not a registry-level persistence flag.
What to consider before installing
This package mixes credit LGD model artifacts with trading/backtesting (ZVT/MACD/Sphinx) and directs the agent to run Python checks, pip installs, and create files under ~/.zvt. Before installing or invoking: 1) Confirm whether you actually want a trading/backtest workflow or a pure LGD credit model — the skill appears to attempt both. 2) If you proceed, run it in an isolated environment (VM/container) because the skill may install packages and write to your home directory. 3) Inspect seed.yaml and references/LOCKS.md yourself to verify the enforced semantic locks (trading rules) are acceptable. 4) Ask the author/owner to clarify scope (remove trading/backtest prompts if only LGD is desired) or provide a trimmed skill that only contains credit-modeling instructions. 5) If you lack trust or need least privilege, avoid allowing the agent to run the precondition install commands automatically; perform those steps manually after review.
!
references/seed.yaml:796
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

creditvk971v7hz6panw48gk2kzffhmy985dtz4datavk971v7hz6panw48gk2kzffhmy985dtz4doramagic-crystalvk971v7hz6panw48gk2kzffhmy985dtz4financevk971v7hz6panw48gk2kzffhmy985dtz4latestvk971v7hz6panw48gk2kzffhmy985dtz4quantvk971v7hz6panw48gk2kzffhmy985dtz4riskvk971v7hz6panw48gk2kzffhmy985dtz4
64downloads
0stars
4versions
Updated 3d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
creditdatadoramagic-crystalfinancelatestquantrisk
Download

信用违约损失模型 (credit-lgd-model)

构建并训练 LGD(违约损失率)机器学习模型,支持基于历史违约数据的信用风险量化评估与预测。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (1 total)

Sphinx Documentation Configuration (UC-101)

This file configures the Sphinx documentation builder for the openLGD project, setting up project metadata, version information, and path configuratio Triggers: documentation, sphinx, configuration

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-CREDIT-RISK-001: Empty DataFrame passed to bucketing pipeline
  • AP-CREDIT-RISK-002: Multi-dimensional target array causing WoE shape mismatch
  • AP-CREDIT-RISK-003: OptimalBucketer receiving high-cardinality numerical features

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-112. Evidence verify ratio = 21.0% and audit fail total = 23. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-112 blueprint at 2026-04-22T13:00:54.441302+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...