← Back to Skills Marketplace
youngcan-wang

Wyckoff Agent Skill

by YoungCan-Wang · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install wyckoff-agent-skill
Description
Wyckoff A-share analysis agent with full CLI integration. Detects local CLI installation, guides users through setup (install → register → configure data sou...
Usage Guidance
This skill's functionality (Wyckoff analysis via a CLI) is coherent, but exercise caution before installing or running commands it suggests: 1) Do not run the curl | bash one-liner unless you inspect the install.sh content in the GitHub repo and confirm the repo/author are trustworthy. 2) Prefer installing the package in an isolated environment (virtualenv, container) and inspect its code before running. 3) Be aware the CLI persists credentials to ~/.wyckoff/wyckoff.json and may auto-relogin; if you supply API keys or account passwords, consider using least-privilege keys or dedicated/test accounts. 4) Verify the pip package (youngcan-wyckoff-analysis) exists on PyPI and review its project homepage, code, and recent activity; absence of a homepage/source in the registry is a red flag. 5) If you need higher assurance, ask the publisher for the canonical repository, a vetted install artifact (PyPI release), and a copy of the install script for manual review — providing those would increase confidence and could move the assessment toward 'benign'.
Capability Analysis
Type: OpenClaw Skill Name: wyckoff-agent-skill Version: 1.0.1 The skill bundle promotes high-risk environment setup procedures, including a 'curl | bash' one-liner and 'pip install' for a specific third-party package (youngcan-wyckoff-analysis) in SKILL.md and rules/cli-setup-guide.md. It explicitly guides users to provide sensitive credentials and API keys for financial data services (Tushare, TickFlow), which are stored in a local config file (~/.wyckoff/wyckoff.json). While the logic is consistent with its stated purpose as a trading assistant, the inclusion of a hardcoded affiliate referral link (tickflow.org/auth/register?ref=5N4NKTCPL4) and the reliance on external script execution from GitHub (raw.githubusercontent.com/YoungCan-Wang/Wyckoff-Analysis/main/install.sh) present significant supply chain and RCE risks without clear evidence of intentional malice.
Capability Tags
cryptocan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description (Wyckoff A-share CLI-based analysis) matches the instructions: install/initialize a wyckoff CLI, configure data sources (Tushare/TickFlow), set an LLM model provider, and run analysis. Required capabilities (time, web fetch, CSV/image parsing, plotting) are coherent with the stated purpose.
Instruction Scope
SKILL.md explicitly instructs running CLI commands, performing online fetches, reading CSV/images, and persisting credentials. Those actions are relevant, but the instructions also direct the user/agent to run remote install commands and to persist login tokens automatically—operations that can write files and perform network auth without clarifying storage/encryption or verifying the install script contents.
Install Mechanism
The registry contains no formal install spec, but SKILL.md recommends 'pip install youngcan-wyckoff-analysis' and offers a one-line 'curl -fsSL https://raw.githubusercontent.com/YoungCan-Wang/Wyckoff-Analysis/main/install.sh | bash'. Piping a remote raw script into bash is high risk unless the script and repository are vetted. The pip package and GitHub repo appear unverified/unknown in metadata (homepage/source unknown), increasing install risk.
Credentials
The skill expects users to configure service API keys (Tushare token, TickFlow API key) and model provider API keys (gemini/openai/claude). Those credentials are proportionate to the functionality. However, the skill does not declare env var requirements up front and documents that credentials are persisted to ~/.wyckoff/wyckoff.json and that automatic re-login can occur — this persistent local storage of secrets should be considered before installing.
Persistence & Privilege
always:false (no forced inclusion) and model invocation is allowed (normal). The skill's flow instructs storing tokens on disk and automatic re-login, which grants ongoing network/auth activity and persisted secrets on the host. Combined with the remote-install recommendation and unknown origin, this persistent behavior increases the blast radius if the installed CLI or its install script are malicious or compromised.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wyckoff-agent-skill
  3. After installation, invoke the skill by name or use /wyckoff-agent-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Wyckoff-agent-skill 1.0.1 - Added comprehensive SKILL.md documentation detailing setup, onboarding, and operational workflows. - Clarified two operating modes: guided setup (environment checks) and full Wyckoff-style analysis pipeline. - Documented all input protocols, workflow steps (0–9), output contract, and hard technical constraints. - Expanded support for both CLI portfolio management commands and multi-modal inputs (symbols, holdings, CSV, images). - Included explicit data source fallback rules and capability degradation handling.
Metadata
Slug wyckoff-agent-skill
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Wyckoff Agent Skill?

Wyckoff A-share analysis agent with full CLI integration. Detects local CLI installation, guides users through setup (install → register → configure data sou... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.

How do I install Wyckoff Agent Skill?

Run "/install wyckoff-agent-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wyckoff Agent Skill free?

Yes, Wyckoff Agent Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Wyckoff Agent Skill support?

Wyckoff Agent Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wyckoff Agent Skill?

It is built and maintained by YoungCan-Wang (@youngcan-wang); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments