ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Financial Ratios Toolkit

v0.3.3

提供多市场财务分析能力,涵盖历史数据获取、财务报表解析、财务比率计算、固定收益分析、投资组合绩效评估和股票基本面筛选等核心功能。。

0· 95·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/financial-ratios-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Financial Ratios Toolkit" (tangweigang-jpg/financial-ratios-toolkit) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/financial-ratios-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install financial-ratios-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install financial-ratios-toolkit
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and included reference files consistently describe a finance/quant toolkit (ratios, backtests, fixed income, portfolio analytics). That purpose is coherent with the instructions and listed components. However the SKILL.md explicitly states runtime requirements (Python 3.12+, 'uv' package manager, Doramagic host expectations and heavy reliance on the zvt ecosystem) while the registry metadata lists no required binaries or env vars — an inconsistency between what it claims it needs and what it declares.
!
Instruction Scope
The SKILL.md contains concrete preconditions that instruct the agent to run shell/python commands (e.g., python3 -c 'import zvt', run zvt.recorders, run zvt.init_dirs) and to check/create ~/.zvt (ZVT_HOME). Those runtime steps go beyond pure conversational guidance and will cause the host to check/install packages and touch files. The skill also references external data providers (eastmoney, joinquant, qmt) which imply account credentials may be required at runtime, but these credentials are not declared.
!
Install Mechanism
There is no install spec in the registry (instruction-only), but seed.yaml's execution_protocol mentions install recipes and host install triggers. SKILL.md suggests installing Python packages (pip install zvt) as part of precondition remediation. The absence of a clear, declared install mechanism in the registry while the instructions expect pip installs and host actions is an incoherence that can surprise users and hosts.
!
Credentials
Registry metadata declares no required environment variables or credentials, but SKILL.md/preconditions reference ZVT_HOME and expect zvt to be present; the skill also expects access to external data providers (some requiring accounts/API keys). The skill therefore implicitly requires filesystem write access (~/.zvt), package installation privileges, and possibly provider API keys — none of which are documented in requires.env. That mismatch increases the risk of unexpected credential or environment access.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). It requests the agent to create/read its own data directory (~/.zvt) and run package installation checks; it does not request system-wide persistent privileges or modify other skills. This is expected for a toolkit that uses a local data store, but users should be aware the skill will attempt to create/modify ~/.zvt and may run pip commands if preconditions fail.
What to consider before installing
This skill appears to be a genuine finance/quant toolkit, but there are important mismatches you should resolve before installing: (1) SKILL.md expects Python 3.12+, the 'uv' package manager, and the zvt ecosystem (including a writable ZVT_HOME directory ~/.zvt) — yet the registry lists no required binaries/env vars. Ask the publisher to declare required binaries, explicit install steps, and any environment variables (e.g., ZVT_HOME) and required provider credentials. (2) Expect the skill to run python commands and possibly pip install zvt or invoke zvt recorders that may contact external data providers; run it in an isolated environment (container/VM) until you've validated behavior. (3) If you will provide data-provider credentials (eastmoney/joinquant/qmt), only provide the minimum required and confirm where they are stored; prefer short-lived or least-privilege keys. (4) Ask for a clear install spec or packaged release (PyPI/GitHub release) and a copy of LICENSE.txt; if the author cannot provide these, treat the package as incomplete. Providing those clarifications would raise confidence that the skill is coherent and reduce the need for caution.

Like a lobster shell, security has layers — review code before you run it.

analyticsvk97dn88arvg8t380je0z6x8cv185dcw4datavk97dn88arvg8t380je0z6x8cv185dcw4doramagic-crystalvk97dn88arvg8t380je0z6x8cv185dcw4financevk97dn88arvg8t380je0z6x8cv185dcw4latestvk97dn88arvg8t380je0z6x8cv185dcw4portfoliovk97dn88arvg8t380je0z6x8cv185dcw4quantvk97dn88arvg8t380je0z6x8cv185dcw4
95downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
analyticsdatadoramagic-crystalfinancelatestportfolioquant
Download

财务比率工具 (financial-ratios-toolkit)

提供多市场财务分析能力,涵盖历史数据获取、财务报表解析、财务比率计算、固定收益分析、投资组合绩效评估和股票基本面筛选等核心功能。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (13 total)

Multi-Module Financial Analysis Overview (UC-101)

Demonstrating comprehensive financial analysis capabilities covering multiple domains including historical data, financial statements, ratios, models, Triggers: financial analysis, overview, multi-module

Fixed Income Analysis and Bond Valuation (UC-103)

Analyzing fixed income securities including bond statistics, duration calculations, derivative pricing models, and government/corporate bond yield com Triggers: bond, fixed income, yield

Financial Ratio Analysis (UC-106)

Evaluating company financial health through profitability ratios, solvency ratios, liquidity ratios, valuation ratios, and custom ratio calculations f Triggers: ratio, profitability, solvency

For all 13 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-PORTFOLIO-ANALYTICS-001: Division by zero in price ratio calculations corrupts rebalancing
  • AP-PORTFOLIO-ANALYTICS-002: Look-ahead bias from unshifted signal generation and position calculations
  • AP-PORTFOLIO-ANALYTICS-003: Non-positive-semidefinite covariance matrix breaks CVXPY optimization

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-118. Evidence verify ratio = 33.3% and audit fail total = 62. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-118 blueprint at 2026-04-22T13:00:57.393924+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...