ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sec Edgar Tools

v0.3.3

从 SEC EDGAR 系统获取和解析公司监管文件,支持 SEC 文件检索、财务报表(10-K/10-Q)提取、内部人交易(Form 4)追踪及机构持仓(13F)分析。。

0· 79·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/sec-edgar-tools.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sec Edgar Tools" (tangweigang-jpg/sec-edgar-tools) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/sec-edgar-tools
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/sec-edgar-tools

ClawHub CLI

Package manager switcher

npx clawhub@latest install sec-edgar-tools
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description say 'SEC EDGAR' file retrieval, but SKILL.md and included files repeatedly reference ZVT, A-share workflows, eastmoney/akshare/joinquant providers, and A-share-specific semantic locks. The declared requirements list nothing (no binaries, no env vars) yet the embedded seed/locks expect a Python+zvt environment and ZVT_HOME. This mismatch (US-EDGAR vs Chinese data-stack + undeclared runtime needs) is incoherent.
!
Instruction Scope
SKILL.md / seed.yaml execution_protocol instructs the agent to reload seed.yaml, run preconditions (examples call python3 -c 'import zvt' and check ZVT_HOME, write tests, etc.), and enforce many domain-level checks. Those are host-level operations (running python, touching files, checking env vars) but the skill did not declare those runtime requirements. The instructions also demand citing AP*/CW*/SHARED*/KUC* ids and reference long internal resources — this grants the agent broad discretion to run system checks and rely on host-installed libraries.
Install Mechanism
The skill is instruction-only (no install spec and no code files to execute), which is low-risk. However seed.yaml contains an execution_protocol that references host_adapter.install_recipes and 'verify each package with import check' and the LOCKS.md preconditions include pip install suggestions. Those implicit install expectations are not declared in the registry metadata.
!
Credentials
Registry shows no required env vars or credentials, yet documentation and preconditions reference ZVT_HOME and demand Python and zvt package presence. The skill refers to external data providers (eastmoney, joinquant, akshare) which often require API keys/accounts, but no credentials are declared. Asking for unspecified credentials or relying on host env vars without declaring them is disproportionate and opaque.
Persistence & Privilege
always:false (good). The skill allows autonomous invocation (default) which is normal; combined with the other inconsistencies (host-level preconditions, implicit install steps) this increases the surface but does not by itself justify a higher privilege concern.
What to consider before installing
This skill claims SEC EDGAR functionality but the runtime materials are built around Python + the ZVT ecosystem and Chinese data sources (eastmoney/akshare). Before installing or enabling: 1) Ask the publisher/source (none listed) to clarify intended data sources (US SEC vs A-share) and provide a manifest of required binaries, env vars (e.g., ZVT_HOME), and credentials. 2) Expect to need Python 3.12+ and the 'zvt' package and to set ZVT_HOME; don't supply secrets until you understand which provider needs them and why. 3) Confirm whether the agent will run host commands (python3 -c ...) or attempt to install packages — if you don't want that, decline installation. 4) If you will use EDGAR scraping, ensure the implementation will set a valid User-Agent/contact info and implement rate limiting/backoff (the references explicitly warn this). 5) If unclear, treat this skill as untrusted: run in an isolated environment or ask for a corrected SKILL.md that lists all runtime requirements and exact actions the agent will perform.

Like a lobster shell, security has layers — review code before you run it.

doramagic-crystalvk979k66bqs322mvawt1ejh6hfn85ckryfinancevk979k66bqs322mvawt1ejh6hfn85ckrylatestvk979k66bqs322mvawt1ejh6hfn85ckry
79downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
doramagic-crystalfinancelatest
Download

SEC EDGAR 工具 (sec-edgar-tools)

从 SEC EDGAR 系统获取和解析公司监管文件,支持 SEC 文件检索、财务报表(10-K/10-Q)提取、内部人交易(Form 4)追踪及机构持仓(13F)分析。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (55 total)

SEC Filing Discovery and Company Lookup (UC-101)

Discovering and retrieving SEC filings for companies to understand their regulatory submissions, corporate actions, and financial disclosures Triggers: sec filings, company lookup, edgar search

Company Financials Retrieval (UC-102)

Extracting financial data from SEC filings to analyze company performance, including income statements, balance sheets, and cash flows Triggers: financials, income statement, balance sheet

Insider Transaction Tracking (Form 4) (UC-103)

Tracking insider buying and selling activities by processing Form 4 filings to identify significant insider transactions and ownership changes Triggers: insider trading, form 4, insider transactions

For all 55 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (14 total)

  • AP-DATA-SOURCING-001: Missing or invalid User-Agent headers for SEC API requests
  • AP-DATA-SOURCING-002: Ignoring external API rate limits causing IP blocking
  • AP-DATA-SOURCING-003: No HTTP timeout configuration causing indefinite hangs

All 14 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-070. Evidence verify ratio = 39.3% and audit fail total = 36. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md14 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-070 blueprint at 2026-04-22T13:00:24.449859+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...