← 返回 Skills 市场
149
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install my-stock-longbridge-skill
功能描述
长桥证券(Longbridge)OpenAPI 集成与交易管理技能
安全使用建议
This skill appears to implement legitimate Longbridge trading functions, but it hardcodes API credentials and assumes write/CLI access that it does not declare. Do NOT install or run it on any account containing real money or private data until the author fixes these issues. Minimum actions to make this safe: remove hardcoded APP_KEY/APP_SECRET/ACCESS_TOKEN from all files and require the use of secure secrets (environment variables or the platform's secret store); update SKILL.md to describe exact config paths and permissions; avoid writing to /home/admin (use a relative or declared path); verify the openclaw message target and bot account are intentional; rotate any credentials that were embedded (treat them as compromised). If you need help vetting a cleaned version, request the updated package or ask the author for an explanation and proof that embedded credentials have been revoked.
能力评估
Purpose & Capability
Functionality (submit/cancel orders, streaming notifications, account/market queries) matches the Longbridge trading purpose. However the bundle claims to rely on configured secrets but instead hardcodes APP_KEY/APP_SECRET/ACCESS_TOKEN in multiple files and includes an embedded bot account/target for notifications; those specifics are not justified or declared in the metadata.
Instruction Scope
SKILL.md tells the user to configure credentials via 'openclaw secrets configure', but the runtime code ignores that and uses hardcoded credentials. The code reads/writes a HISTORY_FILE under /home/admin/.openclaw/skills/... and invokes the 'openclaw' CLI via subprocess to send messages to a target user — these filesystem and CLI operations are not declared in the skill instructions or registry metadata.
Install Mechanism
There is no install spec (instruction-only), but the package includes a requirements.txt (longbridge, tenacity) and multiple Python modules. No remote downloads or installers are present, which lowers install-time risk, but the lack of an install/install-time guidance (virtualenv, where to place files) combined with embedded secrets is problematic.
Credentials
The code hardcodes APP_KEY, APP_SECRET, and a long ACCESS_TOKEN in multiple files instead of using declared environment variables or secret storage. The skill declares no required env vars or config paths, yet it expects write access to /home/admin/.openclaw/skills/... and access to the 'openclaw' CLI and a bot account/target. Hardcoded credentials and undeclared access are disproportionate and dangerous for a public skill.
Persistence & Privilege
The skill does not set always:true and does not modify other skills' configs, but it runs a long-lived notifier (daemon) that subscribes to private topics and calls out to an external messaging command. This gives it continuous network/IO presence while active; combined with hardcoded credentials, that increases blast radius but is not itself a declared privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install my-stock-longbridge-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/my-stock-longbridge-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
修复SKILL.md缺少YAML frontmatter问题
v1.0.1
批量同步最新版本
v1.0.0
Initial release: stock trade management for Longbridge
元数据
常见问题
my_stock_longbridge_skill 是什么?
长桥证券(Longbridge)OpenAPI 集成与交易管理技能. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 149 次。
如何安装 my_stock_longbridge_skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install my-stock-longbridge-skill」即可一键安装,无需额外配置。
my_stock_longbridge_skill 是免费的吗?
是的,my_stock_longbridge_skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
my_stock_longbridge_skill 支持哪些平台?
my_stock_longbridge_skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 my_stock_longbridge_skill?
由 canonxu(@canonxu)开发并维护,当前版本 v1.0.2。
推荐 Skills