Claw Future
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A one-time or weekday-only scheduled order could execute again on later days if the daemon stays running.
The daemon scheduler only checks the clock time and whether it already fired that date; it does not show enforcement of the SKILL.md-advertised --days values such as once or weekday. For scheduled financial orders, that can turn one user request into repeated future trades.
class ScheduleEngine: """定时任务,每天在指定时间触发一次。""" ... if sched.get("time") != cur_time: continue ... if sched.get("triggered_date") == cur_date: continue ... fired.append(sched)Avoid scheduled live orders until the implementation visibly enforces once/weekday/daily scope, expiry, and a user-visible next-run list.
Installing and configuring the skill gives it the ability to authenticate to a futures trading account and act with that account's trading privileges.
The skill requires sensitive broker credentials and CTP authentication material in a local config.json, while the registry metadata declares no primary credential or required environment variables.
"user_id": "你的账户号", "md_password": "行情密码", "td_password": "交易密码", "app_id": "your_app_id", "auth_code": "your_auth_code"
Use only simulation or minimal-risk accounts until verified; protect config.json, prefer scoped/read-only or test credentials where possible, and ensure the registry declares the credential requirements clearly.
An accidental or overly autonomous invocation could place or cancel live orders through the daemon.
High-impact trading commands are sent as plain JSON to a localhost daemon; the visible client protocol does not include an authorization token, technical approval gate, or risk limit. The safety model relies heavily on the agent following confirmation instructions.
s = socket.create_connection(("127.0.0.1", port), timeout=_TIMEOUT) ... s.sendall((json.dumps(cmd, ensure_ascii=False) + "\n").encode()) ... def cmd_order(args) -> None: ... "cmd": "order" ... _out(_send(cmd))Add enforced confirmations or a local auth token in the daemon protocol, plus max volume/price limits, dry-run mode, and explicit user approval for every live mutation.
The system can continue making live trading decisions after the conversation ends, with real financial consequences.
The skill explicitly creates a background daemon that can autonomously send orders after a condition is met, even when the user is not present.
一旦价格条件满足...daemon 立即向 CTP 发出委托,无需人工干预。设置后即使用户不在线,daemon 后台自动执行。
Use simulation first, review active alerts/schedules frequently, set expirations and size limits, and stop the daemon when not actively needed.
Users cannot easily verify that the trading code came from a trusted, maintained source.
The skill has a provenance gap and a placeholder-looking homepage, which matters more because the package handles credentials, native code, and live trading.
Source: unknown; Homepage: https://github.com/your-org/claw-future
Install only from a verified repository or audited package, and confirm the native CTP bridge and SDK files match trusted upstream versions.
The skill may compile and load local C++ code during setup/startup.
First use can run platform build scripts and then load the generated native shared library. This is expected for the CTP bridge, but it is still native code execution.
if not _LIB_PATH.exists(): auto_build() ... result = subprocess.run(cmd) ... return ctypes.CDLL(str(_LIB_PATH))
Review the bridge source and build scripts before first run, and run it in a controlled environment.
Local files or logs may reveal account activity, positions, orders, and trades.
The daemon keeps financial account, position, order, and trade data in memory and writes a local log file. This is purpose-aligned, but it is sensitive trading data.
logging.FileHandler(_SCRIPTS / "clawtrader.log", encoding="utf-8") ... self._positions ... self._account ... self._active_orders ... self._today_trades
Protect the skill directory, avoid sharing logs/config files, and clear logs if they are no longer needed.