← Back to Skills Marketplace
Racing Quant AI
by
chenxyzcyxpp
· GitHub ↗
· v1.5.0
· MIT-0
157
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install racing-quant-ai
Description
赛马量化AI选股系统,集成量化策略选股+个股智能推荐分析。从量化策略数据库筛选符合需求的策略,获取持仓个股,再进行深度分析,最终给出投资参考。触发词:量化选股,racing quant,策略选股,数据库选股,量化分析,AI选股。
Usage Guidance
This skill appears to implement the advertised DB-driven stock-selection and analysis, but it includes hard-coded credentials for a remote MySQL server (47.121.180.199, user 'display', password 'display999!') and executes shell commands that access absolute paths on the agent host and other skill directories. Before installing or running it consider:
- Treat the embedded DB credentials as sensitive: queries you run with this skill will go to a third‑party server you do not control. Do you trust that server and its operator? Could it log queries or return manipulated data?
- The scripts call execSync to run Python/CLI tools and an agent-browser navigation command from /root/.openclaw/..., which assumes filesystem access and lets the skill execute code outside its own files. If you run this skill, it may execute code belonging to other skills or local files.
- The repository does not declare required env vars or network/DB access even though it needs them; that reduces transparency. Consider asking the publisher to: (a) remove hard-coded credentials and require explicit, documented configuration (env vars or user-provided connection info), (b) avoid absolute host paths and execing other skills' code, and (c) explain what data is sent to the remote DB and external web searches.
If you need the functionality but worry about privacy/trust, run the scripts in an isolated environment where you control network access (or replace the DB connection with a local/test database) and audit or sandbox any child process calls before allowing autonomous invocation.
Capability Analysis
Type: OpenClaw Skill
Name: racing-quant-ai
Version: 1.5.0
The skill bundle provides a quantitative stock analysis system that connects to a remote MySQL database (47.121.180.199) using hardcoded credentials (display/display999!). While the behavior aligns with the stated purpose of fetching financial data, several scripts (notably get-positions-correct.js) utilize execSync to execute shell commands with parameters derived from external data, creating a risk of command injection. Additionally, the inclusion of hardcoded remote database credentials and the use of shell execution for inter-skill communication are high-risk patterns, although no clear evidence of intentional malice or data exfiltration was found.
Capability Assessment
Purpose & Capability
The name/description claim to query a remote strategy database and perform multi‑dimensional stock analysis — the included scripts do exactly that (multiple scripts connect to a MySQL server and extract holdings). That core capability is coherent with the skill purpose. However, the DB host, port, username and password are hard-coded in scripts (host: 47.121.180.199, user: 'display', password: 'display999!', database: 'db_strategy'), while the skill metadata declares no required environment variables or credentials. Embedding credentials in the code and failing to declare the need for network/DB access is unexpected and worth noting.
Instruction Scope
SKILL.md and the scripts instruct the agent to perform actions beyond simple in-memory logic: Node.js scripts connect to a remote MySQL server and run many SQL queries; some scripts call out to other skills and the host via child_process.execSync (examples: running a Python CLI under /root/.openclaw/workspace/skills/new-akshare-stock and invoking an 'agent-browser navigate' command). The skill executes shell commands and assumes access to the agent host filesystem and other skills' directories. These steps broaden the runtime scope (network I/O, filesystem access, execution of other skill code) and could be used to access or transmit data beyond the user's intent if misused.
Install Mechanism
There is no install spec (instruction-only plus included scripts). That is lower-risk in terms of remote installs, but the scripts require Node.js and the 'mysql' package (declared in SKILL.md) and also expect other skills (new-akshare-stock, cn-web-search, wechat-article-search) to be present and callable. The scripts execute Python/CLI from an absolute path (/root/.openclaw/workspace/skills/new-akshare-stock), which assumes a specific runtime layout and gives them the ability to invoke code located elsewhere on the host.
Credentials
No required environment variables or primary credential are declared in the skill metadata, but every script contains a hard-coded set of DB credentials (host 47.121.180.199, user 'display', password 'display999!', database 'db_strategy'). The skill also integrates with other skills (new-akshare-stock, cn-web-search, wechat-article-search) but does not declare or request any credentials those integrations might need. Hard-coded secrets in distributed skill code and undocumented dependencies on other skills reduce transparency and are disproportionate to what a user would normally expect from an analysis-only skill.
Persistence & Privilege
The skill is not marked always:true (good). Default autonomous invocation is allowed (platform default) but that alone is not a disqualifier. The main concern is that scripts invoke child processes and reference absolute host paths (/root/.openclaw/workspace/skills/...), which lets the skill run code from other skill directories and the host environment when executed — increasing the practical privilege/impact of an autonomous invocation if it runs unexpectedly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install racing-quant-ai - After installation, invoke the skill by name or use
/racing-quant-ai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
**v1.5.0重大更新:全面切换至成熟Skill调用,提升数据稳定性与分析深度。**
- 行情、财务及资金流数据全面改为调用成熟skill(如new-akshare-stock),弃用底层akshare接口,保证数据源稳定。
- 个股深度分析增加cn-web-search技能,全网搜索公开信息&机构研报,优先标注公众号深度报告标题。
- 使用微信文章深度搜索/融合机制,整合公众号研究内容于综合分析并自动注释来源。
- 工作流补充兜底规则:多策略匹配时仅列出策略信息,需用户确认后再分析持仓。
- 默认分析个股数量无输入时改为前5只,统一报告结构输出,信息来源和免责声明标准规范。
v1.4.0
**Changelog for v1.4.0**
- Added `scripts/check-table.js` script for table checking.
- Added `scripts/get-ml1-holdings.js` script to retrieve ML1 holdings from the database.
v1.0.0
Racing Quant AI 1.0.0 – 首发版
- 全新推出A股量化选股分析系统,集策略筛选与个股深度基本面分析于一体。
- 支持基于用户需求自动匹配数据库量化策略,获取最新持仓股票列表。
- 个股分析涵盖五大维度:交易数据、股价走势、资金面、基本面、综合评价,并严格输出风险提示与免责声明。
- 提供多模式交互:关键词检索、分类筛选、智能偏好引导。
- 集成Node.js脚本和miaoda-web-search,便于持仓获取及实时信息分析。
Metadata
Frequently Asked Questions
What is Racing Quant AI?
赛马量化AI选股系统,集成量化策略选股+个股智能推荐分析。从量化策略数据库筛选符合需求的策略,获取持仓个股,再进行深度分析,最终给出投资参考。触发词:量化选股,racing quant,策略选股,数据库选股,量化分析,AI选股。 It is an AI Agent Skill for Claude Code / OpenClaw, with 157 downloads so far.
How do I install Racing Quant AI?
Run "/install racing-quant-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Racing Quant AI free?
Yes, Racing Quant AI is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Racing Quant AI support?
Racing Quant AI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Racing Quant AI?
It is built and maintained by chenxyzcyxpp (@chenxyzcyxpp); the current version is v1.5.0.
More Skills