ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Credit Scorecard

v0.3.3

基于监督学习、决策树或聚类等多种算法,自动为评分卡变量生成最优分箱边界,同时支持单调性约束和缺失值处理。

0· 60·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/credit-scorecard.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Credit Scorecard" (tangweigang-jpg/credit-scorecard) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/credit-scorecard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/credit-scorecard

ClawHub CLI

Package manager switcher

npx clawhub@latest install credit-scorecard
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description focus on credit-scorecard bucketing and WoE pipelines, but SKILL.md and human_summary heavily reference trading/backtest (ZVT, MACD, trading execution, backtests) and semantic locks for trading. The skill appears to conflate credit-risk bucketing and a trading/backtest toolkit (ZVT). This mismatch between declared purpose (scorecard) and the broader finance/backtesting capabilities is unexpected and worth verifying with the author.
!
Instruction Scope
SKILL.md contains explicit runtime protocol: agents MUST re-read seed.yaml, run precondition checks that execute python -c commands, and follow an execute_protocol that may cause the agent to run installation or remediation commands (e.g., pip install zvt, zvt.init_dirs). The skill also references host workspace paths (placeholders like {host_workspace}/skills/), and enforces re-reading local seed.yaml before behavioral decisions. Those instructions allow the agent to read and interact with local files and to attempt package installation—scope creep beyond a simple 'instruction-only' helper.
Install Mechanism
There is no formal install spec (instruction-only, no code files), which is low disk persistence risk. However SKILL.md and seed.yaml explicitly expect Python 3.12+ and an 'uv' package manager and include preconditions that remediate by running pip install zvt. Although not an embedded installer, the instructions encourage installing third-party packages at runtime—which can pull arbitrary code from PyPI and should be treated as an install action.
Credentials
The skill declares no required env vars or credentials, which is good. But SKILL.md references ZVT_HOME and includes precondition scripts that create/write to ~/.zvt (touch/unlink), and workspace_resolution points to host workspace paths. The skill therefore expects file-system access and specific environment layout; it does not request secrets but will read/write config directories and may install packages. This level of access is broader than implied by a simple 'bucketing' helper.
Persistence & Privilege
always:false and no install spec mean the skill is not requesting permanent automatic inclusion or explicit system-level persistence. Autonomous invocation (disable-model-invocation:false) is the platform default; by itself it is not flagged. Note: combined with instruction_scope concerns (ability to read workspace and run installs), autonomous invocation would increase potential impact—consider restricting automatic runs if you don't fully trust the skill.
What to consider before installing
This is an instruction-only skill (no code files), but its instructions go beyond simple bucketing: it intermixes credit-scorecard logic with trading/backtest workflows (ZVT, MACD), asks agents to re-read local seed.yaml, run python checks and even suggests pip installing zvt and initializing ~/.zvt. Before installing or enabling this skill: 1) Inspect seed.yaml and the referenced files yourself to confirm they don't reference sensitive host paths or run unexpected commands. 2) Do not grant it autonomous execution in a production agent until you've sandbox-tested it (use an isolated VM/container). 3) If you need zvt, prefer installing packages manually from a vetted source and verify package integrity (pinned versions, known PyPI authors). 4) Be cautious about allowing the skill to read your host workspace or write to ~/.zvt; if possible, run it with a restricted working directory. 5) If the skill is intended only for credit scoring, ask the author to remove trading/backtest-specific preconditions and workspace-resolution rules or to provide a dedicated, minimal variant. If you lack the ability to audit the files, treat this skill as untrusted and avoid enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

creditvk971wrtx31je5xeekjt56y8ncn85c8y7doramagic-crystalvk971wrtx31je5xeekjt56y8ncn85c8y7financevk971wrtx31je5xeekjt56y8ncn85c8y7latestvk971wrtx31je5xeekjt56y8ncn85c8y7
60downloads
0stars
4versions
Updated 3d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
creditdoramagic-crystalfinancelatest
Download

信用评分卡 (credit-scorecard)

基于监督学习、决策树或聚类等多种算法,自动为评分卡变量生成最优分箱边界,同时支持单调性约束和缺失值处理。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (43 total)

Optimal Supervised Bucketing (UC-1)

Automatically find optimal bucket boundaries that maximize predictive power while respecting monotonicity constraints Triggers: optimal, supervised, monotonic

Decision Tree Supervised Bucketing (UC-2)

Use supervised learning to find bucket boundaries based on target variable correlation Triggers: decision tree, supervised, pre-bin

Equal Width Unsupervised Bucketing (UC-3)

Divide numerical features into N equally spaced intervals regardless of data distribution Triggers: equal width, unsupervised, histogram

For all 43 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-CREDIT-RISK-001: Empty DataFrame passed to bucketing pipeline
  • AP-CREDIT-RISK-002: Multi-dimensional target array causing WoE shape mismatch
  • AP-CREDIT-RISK-003: OptimalBucketer receiving high-cardinality numerical features

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-050. Evidence verify ratio = 78.6% and audit fail total = 24. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-050 blueprint at 2026-04-22T13:00:17.518473+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...