Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finrobot Multi Agent

v0.3.3

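A multi-agent financial analysis platform supporting equity research, market forecasting, earnings report interpretation, and quantitative backtesting strategy construction, covering global market data analysis.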

by Tang Weigang (@tangweigang-jpg)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/finrobot-multi-agent.

Install the skill "Finrobot Multi Agent" (tangweigang-jpg/finrobot-multi-agent) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/finrobot-multi-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install finrobot-multi-agent

ClawHub CLI


npx clawhub@latest install finrobot-multi-agent
Security Scan
Capability signals
Crypto; Requires OAuth token; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The name/description (financial multi-agent analysis, backtesting, report generation) matches the instruction content. However SKILL.md explicitly requires Python 3.12+, the 'uv' package manager, zvt package and data recorders (e.g., zvt.recorders.em.em_stock_kdata_recorder) and expects access to data providers (eastmoney/joinquant/akshare/OpenBB). None of those runtime requirements (binaries, packages, or config paths) are declared in the registry metadata, which is an incoherence: the skill will likely need local Python packages, writable data directories, and possibly API credentials to function.
[!] Instruction Scope
The SKILL.md instructs the agent to reload seed.yaml, run precondition Python checks, and (on failure) run pip installs and recorder commands that touch the user's filesystem (~/.zvt) and may perform network calls to data providers. It also instructs agents to cite internal anti-patterns and re-read authoritative seed.yaml before decisions. These runtime instructions go beyond a passive text-only skill: they direct file reads, write-tests, package installs, and invocations of data recorders—which grant the agent broad I/O and network scope not reflected in the declared requirements.
Install Mechanism
There is no install spec in the registry (instruction-only), which reduces direct install risk. However SKILL.md's execution protocol and preconditions reference running python3 -m pip install zvt and running recorder commands; because these install steps are only described in prose (not declared in install spec), the agent may attempt to run package installs at runtime. That mismatch (no formal install recipe but prose telling the agent to install) is a behavioral risk and makes reproducible review harder.
[!] Credentials
Registry metadata lists no required env vars or config paths, but SKILL.md references ZVT_HOME, and precondition checks read ~/.zvt and run zvt APIs. The skill also targets multiple external data providers (eastmoney, joinquant, FMP, OpenBB) that normally require API keys or accounts; no credentials are requested or described. The absence of declared credentials while the instructions imply access to providers and to local data directories is disproportionate and ambiguous.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It does include protocols that instruct reading and writing user data directories and running package-install commands if preconditions fail. Autonomous invocation (disable-model-invocation: false) combined with the undeclared ability to perform installs and filesystem writes increases potential blast radius, but alone does not prove malicious intent.
What to consider before installing
This skill appears to be a substantial multi-agent finance blueprint, but its runtime expectations are not fully declared. Before installing or running:

1) Inspect SKILL.md and seed.yaml yourself — they expect Python 3.12+, the 'uv' package manager, and the zvt package.
2) Do not provide any secret API keys blindly; the skill references multiple data providers but does not declare required credentials.
3) Run it in a sandboxed environment (container or VM) so its pip installs and ~/.zvt writes cannot affect your primary system.
4) If you plan to use live trading features, verify the semantic locks (T+1, next-bar execution, MACD params) and confirm rate-limiting and legal/regulatory constraints (e.g., SEC EDGAR).
5) Ask the publisher for a clear install spec and an explicit list of required environment variables/credentials; absence of those is the main coherence problem.

If you cannot verify these items, treat the skill cautiously (do not run it with real credentials or on your main workstation).

Like a lobster shell, security has layers — review code before you run it.

Tags: ai, data, doramagic-crystal, finance, latest, quant
101 downloads
0 stars
3 versions
Updated 4d ago
v0.3.3
MIT-0

FinRobot Multi-Agent (finrobot-multi-agent)

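A multi-agent financial analysis platform supporting equity research, market forecasting, earnings report interpretation, and quantitative backtesting strategy construction, covering global market data analysis.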

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (14 total)

FMP API Equity Research Report Generator (UC-101)

Investors need comprehensive equity research reports that combine financial statement analysis, peer comparisons, and recent news to make informed inv
Triggers: equity research, financial analysis report, FMP API

Multi-Agent Annual Report Generator (UC-102)

Financial analysts require automated generation of customized financial analysis reports that can interact with clients, gather requirements, and prod
Triggers: annual report, financial report generation, multi-agent

OpenBB Financial Data Agent (UC-104)

Users need an intelligent agent interface to access OpenBB's comprehensive financial data capabilities including market data, fundamentals, and techni
Triggers: openbb, financial data agent, market data

For all 14 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

| ID | Rule | On Violation |
|---|---|---|
| SL-01 | Execute sell orders before buy orders in every trading cycle | halt |
| SL-02 | Trading signals MUST use next-bar execution (no look-ahead) | halt |
| SL-03 | Entity IDs MUST follow format entity_type_exchange_code | halt |
| SL-04 | DataFrame index MUST be MultiIndex (entity_id, timestamp) | halt |
| SL-05 | TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amount | halt |
| SL-06 | filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION | halt |
| SL-07 | Transformer MUST run BEFORE Accumulator in factor pipeline | halt |
| SL-08 | MACD parameters locked: fast=12, slow=26, signal=9 | halt |

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-MACRO-DATA-001: SEC EDGAR Rate Limit Violation
  • AP-MACRO-DATA-002: Temporal Knowledge Graph Look-Ahead Bias
  • AP-MACRO-DATA-003: Technical Indicator Look-Ahead Bias via Missing Shift

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-074. Evidence verify ratio = 11.5% and audit fail total = 36. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

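| File | Contents | When to Load |
|---|---|---|
| references/seed.yaml | V6+ full authoritative source (source-of-truth) | Must read when behavior or decisions are disputed |
| references/ANTI_PATTERNS.md | 14 cross-project anti-patterns | Before starting implementation |
| references/WISDOM.md | Cross-project distilled lessons | When making architecture decisions |
| references/CONSTRAINTS.md | domain + fatal constraints | When rules conflict |
| references/USE_CASES.md | All KUC-* business scenarios | When complete examples are needed |
| references/LOCKS.md | SL-* + preconditions + hints | Before generating backtest/trading code |
| references/COMPONENTS.md | AST component map (split by module) | When looking up APIs |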

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-074 blueprint at 2026-04-22T13:00:27.479397+00:00. See human_summary.md for non-technical overview.
