ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edgar Crawler

v0.3.3

从 SEC EDGAR 批量抓取上市公司年报(10-K)和季报(10-Q)文件,支持按季度增量更新与本地缓存,适用于美股基本面分析和量化研究数据获取。。

0· 119·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/edgar-crawler.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Edgar Crawler" (tangweigang-jpg/edgar-crawler) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/edgar-crawler
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install edgar-crawler

ClawHub CLI

Package manager switcher

npx clawhub@latest install edgar-crawler
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
SKILL.md and metadata present the skill as an EDGAR (US 10-K/10-Q) crawler, but the included human_summary, seed.yaml, and many reference files repeatedly refer to ZVT, A‑share, eastmoney/joinquant/akshare, and backtesting/ trading semantics. The skill claims Python 3.12+ with the 'uv' package manager in the compatibility block but the registry shows no required binaries or install spec. This mismatch suggests the bundle is a mashup of two different blueprints (EDGAR vs ZVT) and the declared purpose does not justify the referenced dependencies and domain constraints.
!
Instruction Scope
The SKILL.md instructs the agent to re-read seed.yaml, consult references/LOCKS.md and other local reference files, run preconditions (python -c checks that call zvt), and follow an execution_protocol that implies installing recipes and running environment checks. Yet the skill registry declares no required config paths, binaries, or install steps. Instructions also embed trading 'semantic locks' and preconditions unrelated to raw EDGAR crawling (e.g., T+1 rules, MACD parameter locks). The instructions thus go beyond a narrow EDGAR download task and request actions (running Python checks, relying on zvt and ZVT_HOME) that are not declared.
Install Mechanism
There is no install spec (instruction-only), which is lowest-risk in isolation. However SKILL.md and seed.yaml reference an install_trigger and require Python 3.12+ and the 'uv' package manager and expect 'zvt' to be present. The absence of an explicit install recipe is inconsistent and leaves unclear what, if anything, the agent will attempt to install or require at runtime.
!
Credentials
The registry lists no required environment variables, yet SKILL.md/seed.yaml and preconditions reference ZVT_HOME and expect zvt to be initialized. The skill also describes integration with multiple data providers (eastmoney, joinquant, akshare, SEC EDGAR) — some of which require tokens/accounts — but it does not declare any credentials. This mismatch (using env/config values but not declaring them) is an incoherence risk because the runtime behavior may implicitly rely on user credentials or environment settings not surfaced to the installer.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does instruct the agent to read local packaged reference files and run preconditions, but there is no request for persistent system-wide privileges or an 'always' install. No evidence it tries to modify other skills or system configs.
What to consider before installing
This skill is internally inconsistent: it advertises an SEC EDGAR batch crawler but most of its references and runtime checks are for a ZVT/A‑share backtesting pipeline and it names Python/zvt as prerequisites without declaring any install steps or required environment variables. Before installing or invoking: 1) Ask the publisher to clarify the primary purpose (EDGAR vs ZVT) and to provide an explicit install spec (which Python version, pip/uv commands, and packages such as zvt). 2) Require a clear list of environment variables and credentials the skill will use (e.g., ZVT_HOME, any API tokens), and do not provide secrets until that list is confirmed. 3) Request that they remove unrelated trading/backtest 'semantic locks' if the package is only intended for EDGAR crawling. 4) Verify network behavior: confirm how it will call EDGAR (User-Agent handling, rate limiting, timeouts) to avoid accidental IP blocks or data exfiltration. If the author cannot clearly explain these mismatches, treat the skill as untrusted and do not run it in a privileged or production environment.

Like a lobster shell, security has layers — review code before you run it.

datavk973gpnjy1zh6zme0xx97e64qx85dbsydoramagic-crystalvk973gpnjy1zh6zme0xx97e64qx85dbsyfinancevk973gpnjy1zh6zme0xx97e64qx85dbsylatestvk973gpnjy1zh6zme0xx97e64qx85dbsyquantvk973gpnjy1zh6zme0xx97e64qx85dbsy
119downloads
0stars
3versions
Updated 5d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
datadoramagic-crystalfinancelatestquant
Download

EDGAR 文件抓取 (edgar-crawler)

从 SEC EDGAR 批量抓取上市公司年报(10-K)和季报(10-Q)文件,支持按季度增量更新与本地缓存,适用于美股基本面分析和量化研究数据获取。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (1 total)

SEC EDGAR Filing Extraction (UC-101)

Extracts and processes SEC EDGAR filings (10-K annual reports, 10-Q quarterly reports) from compressed ZIP archives for downstream financial analysis Triggers: EDGAR, SEC filings, 10-K extraction

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-DATA-SOURCING-001: Missing or invalid User-Agent headers for SEC API requests
  • AP-DATA-SOURCING-002: Ignoring external API rate limits causing IP blocking
  • AP-DATA-SOURCING-003: No HTTP timeout configuration causing indefinite hangs

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-114. Evidence verify ratio = 32.9% and audit fail total = 29. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-114 blueprint at 2026-04-22T13:00:54.950360+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...