← 返回 Skills 市场
2026
总下载
1
收藏
5
当前安装
13
版本数
在 OpenClaw 中安装
/install options-spread-conviction-engine
功能描述
Multi-regime options spread analysis engine with Kelly Criterion Position Sizing. Scores vertical spreads (bull put, bear call, bull call, bear put) and mult...
安全使用建议
This package appears to implement the options-analysis functionality it claims, but there are packaging and install inconsistencies that increase risk. Before installing or running it:
- Inspect scripts/setup-venv.sh and any install scripts in the repo line-by-line; do not run them until you verify they only create a virtualenv and pip-install known packages.
- Ignore or do not run the 'sudo ln -s /usr/local/bin/...' step unless you understand why a system-wide CLI is needed; avoid running sudo for third-party code unless absolutely necessary.
- The README suggests installing an npm package (yahoo-finance2) — confirm whether the Python code actually needs that JS package; if not, skip it.
- Because the repo has documented 'bare except' patterns and duplicated critical logic (Kelly implementations), consider running the test suite (tests/run_tests.py) in an isolated environment (container or VM) to verify behavior before trusting outputs for live trading.
- Prefer running the engine in an isolated environment (VM, container) with limited network and no access to production trading accounts. If you plan to connect to a broker/API later, supply credentials only at that stage and after code audit.
If you want, I can:
- Summarize the contents of scripts/setup-venv.sh (if you provide it) and flag any dangerous commands; or
- Highlight exact files/lines where bare excepts or subprocess/shell invocations occur so you can inspect them more easily.
功能分析
Type: OpenClaw Skill
Name: options-spread-conviction-engine
Version: 2.2.1
The skill is classified as suspicious due to several high-risk behaviors and documented vulnerabilities. The `SKILL.md` instructs the AI agent to execute `sudo ln -s /opt/homebrew/bin/yahoo-finance /usr/local/bin/yf`, which attempts privilege escalation by requiring `sudo` access to create a symlink in a system-wide executable path. Additionally, `scripts/chain_analyzer.py` uses `pickle.dump` and `pickle.load` for caching, which is a known deserialization vulnerability if an attacker can inject malicious data into the cache directory. The internal `CODE_REVIEW_REPORT.md` further highlights critical vulnerabilities such as 'Inconsistent Error Handling', 'Bare Except Clauses', and 'Missing Input Validation' across the codebase, which could lead to unpredictable behavior or be exploited for remote code execution.
能力评估
Purpose & Capability
The name, README, SKILL.md and included Python modules (options_math, leg_optimizer, quant_scanner, multi_leg_strategies, enhanced_kelly, etc.) are coherent with an options spread conviction engine. Required binary (python3) matches the stated purpose. However, SKILL.md and README also instruct installing an npm package (yahoo-finance2) and creating a sudo symlink (/usr/local/bin/yf) to a Homebrew binary — steps that are unusual for a Python-only analytic tool and are disproportionate unless the package explicitly needs that CLI. There are also metadata mismatches (registry lists no install spec but SKILL.md includes an install command; versions differ between registry (2.2.1) and SKILL.md (2.3.0)).
Instruction Scope
Runtime instructions ask to run an included scripts/setup-venv.sh (expected), but README/SKILL.md also recommend brew install jq, npm install yahoo-finance2 and a sudo ln -s into /usr/local — these actions require elevated privileges and modify system state outside the skill's directory. The SKILL.md embedded install metadata contains an install command invoking python3 on a shell script ('python3 scripts/setup-venv.sh'), which is incorrect and indicates sloppy packaging. The instructions otherwise reference expected data sources (Yahoo Finance) and internal files; they do not explicitly demand secrets or unrelated system files.
Install Mechanism
There is no registry-level install spec but SKILL.md includes an install step that runs the bundled setup-venv.sh, which is local and therefore reviewable (lower risk). The manual install examples recommend cloning a GitHub repo. However, recommending npm installation and creating a sudo symlink to /usr/local is high friction and risky: it alters system-wide binaries and requires root. The setup-venv.sh itself (not shown) should be inspected before running. No downloads from obscure external URLs were found in the provided manifest, which reduces supply-chain risk, but the mixed toolchain (brew/npm + Python) is unusual.
Credentials
The skill does not request environment variables, credentials, or config paths. Data access appears limited to public data sources (Yahoo Finance via yfinance or yahoo-finance2). Hard-coded account constraints in docs (e.g., $390 account) are surprising but not a secrets issue. No evidence of attempts to read unrelated system credentials or files.
Persistence & Privilege
The skill does not request always:true and does not declare elevated platform privileges. It does not modify other skills' configs in the provided files. The only potentially persistent/system-level change suggested is the optional sudo ln -s into /usr/local that would create a system-wide symlink — this is an install-time action recommended by the README, not an autonomously-running permission the skill demands.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install options-spread-conviction-engine - 安装完成后,直接呼叫该 Skill 的名称或使用
/options-spread-conviction-engine触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.1
Major upgrade introducing quantitative regime detection, volatility forecasting, robust position sizing, and backtesting.
- Added VIX-based regime detection to adapt strategies to market conditions.
- Integrated GARCH volatility forecasting for improved IV and risk estimation.
- Introduced drawdown-constrained Kelly position sizing for smarter, risk-aware contract sizing.
- Implemented walk-forward backtesting tools to validate scoring and position sizing models.
- New scripts and tests: regime detection, volatility forecasting, enhanced Kelly sizing, integration and backtest validators.
- Updated documentation to reflect quantitative enhancements and methodology changes.
v1.3.0
yfinance refactor: replace subprocess with direct API, add dependency injection, ticker validation, fix NaN handling
v2.2.0
Added Kelly Criterion position sizing with full/half Kelly, edge calculation, and account-aware contract sizing. Updated documentation for multi-leg strategies.
v2.1.0
Integrated Quantitative Options Scanner documentation
v2.0.1
Syncing latest updates to GitHub
v2.0.0
Major v2.0: Quant scanner, Black-Scholes pricing, Kelly position sizing, multi-leg strategies, market scanner
v1.2.2
Remove release.sh - now in workspace scripts folder
v1.2.1
Fixed emoji policy violations, updated documentation weights, improved strike calculation comments
v1.2.0
Release v1.2.0
v1.1.1
Release v1.1.1
v1.1.0
Added Volume Multiplier and Dynamic Strike Suggestions
v1.0.1
Fixed documentation, added error handling
v1.0.0
Multi-regime vertical spread analysis engine
元数据
常见问题
Options Spread Conviction Engine 是什么?
Multi-regime options spread analysis engine with Kelly Criterion Position Sizing. Scores vertical spreads (bull put, bear call, bull call, bear put) and mult... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2026 次。
如何安装 Options Spread Conviction Engine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install options-spread-conviction-engine」即可一键安装,无需额外配置。
Options Spread Conviction Engine 是免费的吗?
是的,Options Spread Conviction Engine 完全免费(开源免费),可自由下载、安装和使用。
Options Spread Conviction Engine 支持哪些平台?
Options Spread Conviction Engine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Options Spread Conviction Engine?
由 AdamNaghs(@adamnaghs)开发并维护,当前版本 v2.2.1。
推荐 Skills