← Back to Skills Marketplace

Smc Trading Signal

Name: Smc Trading Signal
Author: zt6558609-cpu

by zt6558609-cpu · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

139

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install smc-trading-signal-cn

Description

SMC 聪明钱交易信号监控，1H 定方向 +15M 入场，ATR 动态止盈止损。支持黄金/加密货币/外汇。

Usage Guidance

Things to check before installing: - Ask the maintainer why the skill metadata lists a required binary named 'uv' — it's not referenced by the scripts and may be a metadata mistake. - Inspect monitor_v2.py fully (it is executed via exec in monitor.py). Exec-ing a local file runs arbitrary code from the skill directory; confirm its contents are acceptable and review for hidden actions. - Note the scripts call external endpoints (hq.sinajs.cn and Yahoo). The Sina request disables TLS verification (verify=False), which can make network traffic vulnerable to interception—consider running only on a trusted network or patching the request to enable certificate verification. - The skill doesn't require secrets, but it performs network I/O and writes output files under the skill workspace. Run it first in a sandbox or isolated environment, and create a Python virtualenv with explicit pip installs (requests, akshare if you need it) rather than relying on system packages. - The SKILL.md and README point to a GitHub repo; review that repository and recent commits for further context and verify the maintainer identity before trusting signals for live trading. - Because the skill is not marked for automatic trading, it will only produce signals — do not provide any trading API keys unless you explicitly add and audit code to support safe automated execution.

Capability Analysis

Type: OpenClaw Skill Name: smc-trading-signal-cn Version: 1.0.1 The skill bundle is classified as suspicious due to high-risk coding practices that introduce significant security vulnerabilities. Specifically, `scripts/monitor.py` uses `exec()` to dynamically execute the contents of `scripts/monitor_v2.py`, a pattern that facilitates arbitrary code execution if the bundle's files are tampered with. Additionally, `scripts/monitor_v2.py` performs network requests to Sina Finance (`hq.sinajs.cn`) with SSL verification explicitly disabled (`verify=False`), exposing the agent to Man-in-the-Middle (MITM) attacks. While these behaviors appear to be unintentional security flaws rather than deliberate malware, they represent a high-risk attack surface.

Capability Assessment

⚠ Purpose & Capability

The skill claims to be a Python-based trading signal monitor — python3 is a reasonable requirement. However the declared required binary 'uv' is unexplained and not referenced in the scripts; this is an incoherence that should be justified or removed. Otherwise the files (monitor.py / monitor_v2.py, config/*.json) and described features match the stated purpose.

ℹ Instruction Scope

SKILL.md tells the agent to run the included Python script and edit config files — that aligns with the purpose. Implementation details to note: monitor.py exec()'s the contents of monitor_v2.py (running code by reading+exec is riskier than a normal import), the scripts perform network requests to external data sources (sina/yahoo), and the sina request intentionally sets verify=False (disables TLS verification). The scripts write output files under the skill workspace. None of these actions contradict the stated purpose, but exec() and disabled TLS are implementation risks to review.

✓ Install Mechanism

There is no install spec (instruction-only install), which is the lowest installer risk. The package relies on Python libraries (requests, optional akshare) but does not declare or install them — the user will need to provide these. No remote downloads or installers are executed by the skill metadata itself.

✓ Credentials

The skill declares no required environment variables or credentials, which is appropriate for a read-only market-data signal generator. The scripts do perform outbound HTTP calls to public finance APIs (expected). There are no requests for unrelated credentials or system-level config paths.

✓ Persistence & Privilege

The skill does not request always:true or other elevated platform privileges. It does write signal files into its own workspace/output directory and suggests adding a cron job via openclaw — both are within expected behavior for a monitoring skill and do not appear to modify other skills or global agent settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install smc-trading-signal-cn
After installation, invoke the skill by name or use /smc-trading-signal-cn
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- 新增 scripts/monitor_v2.py，加入第二版监控脚本。 - 更新 scripts/monitor.py，优化相关逻辑。 - 更新 README.md，反映新增和变化的脚本。

v1.0.0

SMC 聪明钱交易信号监控首次发布： - 支持 1 小时定方向、15 分钟精确入场的 SMC 策略 - ATR 动态计算止盈止损，适应市场波动 - 覆盖黄金、加密货币、外汇品种，实时监控与信号推送 - 提供教学模式与历史回测数据功能 - 开放详细配置与风险控制选项

Metadata

Slug smc-trading-signal-cn

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Smc Trading Signal?

SMC 聪明钱交易信号监控，1H 定方向 +15M 入场，ATR 动态止盈止损。支持黄金/加密货币/外汇。 It is an AI Agent Skill for Claude Code / OpenClaw, with 139 downloads so far.

How do I install Smc Trading Signal?

Run "/install smc-trading-signal-cn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smc Trading Signal free?

Yes, Smc Trading Signal is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Smc Trading Signal support?

Smc Trading Signal is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Smc Trading Signal?

It is built and maintained by zt6558609-cpu (@zt6558609-cpu); the current version is v1.0.1.

More Skills