ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cryptofeed Ws Feeds

v0.3.3

实时获取多个加密货币交易所的市场数据流,支持异步回调处理并将交易、行情、订单簿等数据持久化到ArcticDB时序数据库。

0· 68·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/cryptofeed-ws-feeds.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cryptofeed Ws Feeds" (tangweigang-jpg/cryptofeed-ws-feeds) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/cryptofeed-ws-feeds
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/cryptofeed-ws-feeds

ClawHub CLI

Package manager switcher

npx clawhub@latest install cryptofeed-ws-feeds
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description and use-cases describe live crypto feeds, authenticated exchange demos, and persistence to ArcticDB (and many other backends). That purpose legitimately requires Python dependencies and service credentials (exchange API keys, DB connection info, cloud credentials). However the skill declares no required env vars, no primary credential, and no install spec. This mismatch (rich capability list vs no declared dependencies/credentials) is incoherent and unexplained.
!
Instruction Scope
SKILL.md and seed.yaml instruct the agent to reload seed.yaml, run preconditions that execute Python commands (import checks, pip install), check/create ~/.zvt (ZVT_HOME), and the use-cases reference publishing to external endpoints (GCP Pub/Sub, Kafka, TCP/UDP, proxies) and performing authenticated trading. Those runtime instructions can read env vars, touch host paths, and send data externally — yet the skill does not explicitly declare which env vars or endpoints will be used. The instructions also reference running package installation and precondition scripts, giving the agent broad discretion unless constrained externally.
Install Mechanism
No install spec is provided (instruction-only), which lowers direct filesystem/write risk. However seed.yaml's execution_protocol mentions running host_adapter.install_recipes[] and the SKILL.md includes precondition remediation that runs `python3 -m pip install zvt` if checks fail. The presence of these install expectations without a formal install manifest is an inconsistency and could result in the agent attempting arbitrary pip installs at runtime.
!
Credentials
The skill requests no environment variables or credentials but its content requires them in practice: ZVT_HOME is referenced by preconditions, and exchanging/backends (Binance, Bybit, ArcticDB, GCP Pub/Sub, Kafka, proxies) need API keys, connection strings, or broker addresses. The absence of declared required env vars or a primary credential is disproportionate and prevents the user from understanding what secrets the skill will need.
Persistence & Privilege
The skill is not marked always:true and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default). That autonomy combined with the instruction-level ability to run pip installs, check/create ~/.zvt, and connect to external endpoints increases potential blast radius, but autonomy alone is not a disqualifier.
What to consider before installing
This skill is internally inconsistent: it describes authenticated exchange feeds and many external backends but does not declare the credentials or install steps needed. Before installing or running it: 1) Ask the publisher for a clear install manifest and a list of required environment variables (exchange API keys, ArcticDB connection string, cloud credentials, ZVT_HOME, proxy settings). 2) Verify any runtime commands it will execute (pip install, python commands) and run them in a sandbox or controlled environment first. 3) If you need authenticated trading, only provide API keys with least privilege (read-only where possible) and consider using ephemeral/test keys. 4) Confirm where live data may be sent (GCP/Kafka/TCP endpoints) and ensure you trust those endpoints. 5) If you cannot obtain clarifications, treat this skill as risky and avoid granting it access to real exchange accounts or sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

cryptovk97ct1v61r6p87c568saws75js85dpkydatavk97ct1v61r6p87c568saws75js85dpkydoramagic-crystalvk97ct1v61r6p87c568saws75js85dpkyfinancevk97ct1v61r6p87c568saws75js85dpkylatestvk97ct1v61r6p87c568saws75js85dpkytimeseriesvk97ct1v61r6p87c568saws75js85dpky
68downloads
0stars
3versions
Updated 1d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
cryptodatadoramagic-crystalfinancelatesttimeseries
Download

加密货币实时行情 (cryptofeed-ws-feeds)

实时获取多个加密货币交易所的市场数据流,支持异步回调处理并将交易、行情、订单簿等数据持久化到ArcticDB时序数据库。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (40 total)

General Callback Handler Demo (UC-101)

Demonstrates how to define and use async callback handlers for receiving real-time market data updates from cryptocurrency exchanges Triggers: callback handler, ticker callback, async handler

ArcticDB Data Storage (UC-102)

Stores cryptocurrency trade, funding, and ticker data to ArcticDB (Arctic) time-series database for persistence and later analysis Triggers: ArcticDB, arctic storage, time series database

Bequant/HitBTC Exchange Features (UC-103)

Demonstrates each supported features (ticker, trades, order book, candles) for Bequant and HitBTC exchanges which share the same API Triggers: Bequant, HitBTC, Bitcoin.com exchange

For all 40 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (13 total)

  • AP-CRYPTO-TRADING-001: Float Arithmetic for Monetary Values
  • AP-CRYPTO-TRADING-002: Missing Market Initialization Before Access
  • AP-CRYPTO-TRADING-003: Bypassing API Facade Layer

All 13 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-110. Evidence verify ratio = 53.1% and audit fail total = 18. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md13 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-110 blueprint at 2026-04-22T13:00:52.892309+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...