ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vectorbt Vectorized

v0.3.3

基于 VectorBT 框架的向量化回测与因子研究工具,支持多市场数据批量回测、策略参数优化和统计套利分析。

0· 81·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/vectorbt-vectorized.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Vectorbt Vectorized" (tangweigang-jpg/vectorbt-vectorized) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/vectorbt-vectorized
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangweigang-jpg/vectorbt-vectorized

ClawHub CLI

Package manager switcher

npx clawhub@latest install vectorbt-vectorized
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match a backtesting/factor-research tool (vectorbt/ZVT). However, SKILL.md explicitly states it requires 'Python 3.12+ with uv package manager' and refers to zvt/vectorbt behavior, while the registry metadata lists no required binaries, no env vars, and no primary credential. The skill likely needs Python and specific libraries but does not declare them.
!
Instruction Scope
The runtime instructions (seed.yaml and SKILL.md) instruct the agent to re-read seed.yaml, run precondition checks (python3 -c 'import zvt' and other python commands), and follow an execution protocol that may trigger install or verification steps. Those steps involve executing system Python commands and possibly invoking pip to install packages (the preconditions include 'on_fail: Run: python3 -m pip install zvt'). The skill therefore expects the agent to run commands that touch the host environment and network, but the skill does not clearly disclose or restrict these actions.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk, but seed.yaml's execution_protocol references install_recipes[] and the SKILL.md claims compatibility requirements (Python 3.12+, uv). Because install instructions are missing from the manifest, it's unclear how required dependencies are to be obtained or verified — this is an omission to clarify rather than a direct red flag about a malicious install URL.
Credentials
The skill does not request API keys, config paths, or credentials in its manifest. However, the preconditions and execution protocol reference ZVT_HOME and running pip installs if zvt is missing. That implies the skill will use or create local directories and may perform network installs; the manifest should have declared these runtime needs and any required env vars (e.g., ZVT_HOME).
Persistence & Privilege
always:false and user-invocable:true (defaults) — the skill does not request forced global presence. There is no explicit instruction to modify other skills or global agent configuration. The seed.yaml does instruct the agent to re-read and prefer seed.yaml as authoritative, but that is local to the skill's files.
What to consider before installing
This skill appears to be a detailed, local 'crystal' for vectorized backtesting (vectorbt/ZVT) and is instruction-only (no code files to run from the registry). Before installing or running it: 1) ask the author/vendor for a short, explicit runtime manifest: which Python version, which pip packages (exact names/versions), and whether network/pip access is required; 2) verify whether it will run pip installs or create/modify local directories (SKILL.md references ZVT_HOME and pip install in preconditions); 3) run it in a sandboxed environment (container / disposable VM) the first time so package installation and any filesystem changes don't affect your primary workstation; 4) confirm the provenance/license (source unknown, license marked Proprietary); 5) if you need to run it on a shared system, ensure you have explicit permission for network installs and that no secrets or external webhooks will be used by the skill. If the author provides a clear, minimal dependency list and trusted install sources (PyPI package names or GitHub releases), this would reduce the concern.

Like a lobster shell, security has layers — review code before you run it.

cryptovk9732hfpekxmgcnksjah2qwdq585dbcsdatavk9732hfpekxmgcnksjah2qwdq585dbcsdoramagic-crystalvk9732hfpekxmgcnksjah2qwdq585dbcsfinancevk9732hfpekxmgcnksjah2qwdq585dbcslatestvk9732hfpekxmgcnksjah2qwdq585dbcsquantvk9732hfpekxmgcnksjah2qwdq585dbcs
81downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
cryptodatadoramagic-crystalfinancelatestquant
Download

VectorBT 向量回测 (vectorbt-vectorized)

基于 VectorBT 框架的向量化回测与因子研究工具,支持多市场数据批量回测、策略参数优化和统计套利分析。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (23 total)

Auto-generate API Documentation (UC-101)

Automatically generate API documentation in Markdown format from Python source code to maintain consistent and up-to-date documentation Triggers: api, documentation, generate

Update MkDocs Navigation (UC-102)

Automatically update the navigation structure in mkdocs.yml based on the actual API documentation files present in the docs directory Triggers: navigation, mkdocs, api

Bitcoin Daily MACD Trading Strategy (UC-103)

Execute a daily MACD (Moving Average Convergence Divergence) crossover strategy on Bitcoin to identify buy and sell signals based on momentum Triggers: bitcoin, BTC, MACD

For all 23 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (25 total)

  • AP-ZVT-183: 除权因子为 inf/NaN 时直接参与乘法导致复权静默失败
  • AP-ZVT-179: 第三方数据接口超限后异常被吞噬,数据静默缺失
  • AP-ZVT-183B: HFQ(后复权)与 QFQ(前复权)K 线表使用错误导致因子计算漂移

All 25 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-092. Evidence verify ratio = 38.1% and audit fail total = 27. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md25 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-092 blueprint at 2026-04-22T13:00:39.474430+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...