← Back to Skills Marketplace

trading-monitor

Name: trading-monitor
Author: cle87937-code

by changle · GitHub ↗ · v1.2.0 · MIT-0

cross-platform ⚠ suspicious

121

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install trading-monitor

Description

盘中股票盯盘定时任务管理。创建、配置和管理A股交易时段的自动分析任务，包括定时行情播报、深度分析、收盘前最终分析。使用场景：设置盯盘、调整分析频率、查看任务状态、停止/启动任务。触发词：盯盘、设置分析、开盘监控、调整频率、盯盘任务。

Usage Guidance

This skill's goal (automated intraday stock analysis) is reasonable, but there are gaps and risky suggestions you should resolve before installing. Specifically: 1) The SKILL.md references deployment and management scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included — ask the publisher where these come from and inspect them before running. 2) The skill suggests changing the gateway exec policy to 'full' — avoid relaxing global exec allowlists unless you have audited the scripts and understand the implications. 3) The skill expects to push messages to channels like Feishu but does not declare required API tokens or how secrets are stored; confirm which credentials are needed and grant the minimum scope. 4) Treat any one‑click deployment script obtained from an external source as untrusted until reviewed; run in a sandbox or staging environment first. If you cannot obtain the missing scripts or a trustworthy source, do not enable the cron tasks or change exec security.

Capability Analysis

Type: OpenClaw Skill Name: trading-monitor Version: 1.2.0 The skill bundle facilitates a stock trading monitor but contains instructions in SKILL.md and references/config-guide.md that direct the user to disable security restrictions by setting 'tools.exec.security' to 'full'. It also relies on external PowerShell scripts (scripts/setup.ps1 and scripts/manage.ps1) that are not provided in the file list but are executed with 'ExecutionPolicy Bypass', creating a significant risk for arbitrary code execution. While the stated purpose is benign, the explicit encouragement to lower the environment's security posture is a major red flag.

Capability Assessment

⚠ Purpose & Capability

Skill claims to manage scheduled A-share analysis tasks which fits the openclaw cron usage shown, but the SKILL.md repeatedly references local scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included in the package or install spec. The skill also refers to pushing results to channels (feishu) and target IDs yet does not declare or request any channel/API credentials. Requesting or assuming access to messaging channels without declaring how credentials are provided is inconsistent with the stated purpose.

⚠ Instruction Scope

Instructions tell the agent/user to run PowerShell deployment and management scripts and to change a gateway-wide setting (`openclaw config set tools.exec.security full`). Asking operators to relax exec allowlist is a scope-expanding action that affects platform security. The messages passed into cron tasks instruct the agent to fetch news, query holdings, analyze markets and send reports — which is within purpose — but because the scripts that implement these steps are absent, it's unclear what code will actually run when the user follows these steps.

⚠ Install Mechanism

There is no install spec and no included executable scripts. The SKILL.md expects local scripts under scripts\ but those files are not present in the manifest. That gap means users must obtain scripts from an unspecified external source before deployment — a risky, untracked step.

⚠ Credentials

The skill references notification channels (feishu) and target IDs which normally require API tokens or integration credentials, but requires.env and primary credential are empty. That mismatch suggests the skill will need secrets/configuration that are not declared. Additionally, the guidance to set exec security to 'full' broadens what cron tasks can execute and may enable actions beyond the stated monitoring purpose.

⚠ Persistence & Privilege

The skill is not always: true, but it instructs creating recurring cron jobs in the platform and explicitly recommends changing gateway exec security; combined, these create persistent automated tasks that can execute system commands. The skill does not modify other skills, but asking operators to relax a global security policy is a noteworthy privilege escalation risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install trading-monitor
After installation, invoke the skill by name or use /trading-monitor
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.2.0

v1.2.0: 添加消息分级支持、交易时段过滤、静默模式

v1.1.0

- 新增完整中文说明文档，详细介绍盯盘系统的使用场景、任务类型和命令管理。 - 增加一键部署/管理脚本示例，以及高级自定义参数和配置指导。 - 补充常见任务Cron表达式模板，涵盖高频/低频及盘前、收盘前分析。 - 新增常见问题与错误排查说明，方便用户自助解决配置和权限问题。 - 明确各参数用途及默认值，提升用户上手和配置效率。

Metadata

Slug trading-monitor

Version 1.2.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is trading-monitor?

盘中股票盯盘定时任务管理。创建、配置和管理A股交易时段的自动分析任务，包括定时行情播报、深度分析、收盘前最终分析。使用场景：设置盯盘、调整分析频率、查看任务状态、停止/启动任务。触发词：盯盘、设置分析、开盘监控、调整频率、盯盘任务。 It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.

How do I install trading-monitor?

Run "/install trading-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is trading-monitor free?

Yes, trading-monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does trading-monitor support?

trading-monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created trading-monitor?

It is built and maintained by changle (@cle87937-code); the current version is v1.2.0.

More Skills