← 返回 Skills 市场

Racing Quant AI

Name: Racing Quant AI
Author: chenxyzcyxpp

作者 chenxyzcyxpp · GitHub ↗ · v1.5.0 · MIT-0

cross-platform ⚠ suspicious

157

总下载

当前安装

版本数

在 OpenClaw 中安装

/install racing-quant-ai

功能描述

赛马量化AI选股系统，集成量化策略选股+个股智能推荐分析。从量化策略数据库筛选符合需求的策略，获取持仓个股，再进行深度分析，最终给出投资参考。触发词：量化选股，racing quant，策略选股，数据库选股，量化分析，AI选股。

安全使用建议

This skill appears to implement the advertised DB-driven stock-selection and analysis, but it includes hard-coded credentials for a remote MySQL server (47.121.180.199, user 'display', password 'display999!') and executes shell commands that access absolute paths on the agent host and other skill directories. Before installing or running it consider: - Treat the embedded DB credentials as sensitive: queries you run with this skill will go to a third‑party server you do not control. Do you trust that server and its operator? Could it log queries or return manipulated data? - The scripts call execSync to run Python/CLI tools and an agent-browser navigation command from /root/.openclaw/..., which assumes filesystem access and lets the skill execute code outside its own files. If you run this skill, it may execute code belonging to other skills or local files. - The repository does not declare required env vars or network/DB access even though it needs them; that reduces transparency. Consider asking the publisher to: (a) remove hard-coded credentials and require explicit, documented configuration (env vars or user-provided connection info), (b) avoid absolute host paths and execing other skills' code, and (c) explain what data is sent to the remote DB and external web searches. If you need the functionality but worry about privacy/trust, run the scripts in an isolated environment where you control network access (or replace the DB connection with a local/test database) and audit or sandbox any child process calls before allowing autonomous invocation.

功能分析

Type: OpenClaw Skill Name: racing-quant-ai Version: 1.5.0 The skill bundle provides a quantitative stock analysis system that connects to a remote MySQL database (47.121.180.199) using hardcoded credentials (display/display999!). While the behavior aligns with the stated purpose of fetching financial data, several scripts (notably get-positions-correct.js) utilize execSync to execute shell commands with parameters derived from external data, creating a risk of command injection. Additionally, the inclusion of hardcoded remote database credentials and the use of shell execution for inter-skill communication are high-risk patterns, although no clear evidence of intentional malice or data exfiltration was found.

能力评估

ℹ Purpose & Capability

The name/description claim to query a remote strategy database and perform multi‑dimensional stock analysis — the included scripts do exactly that (multiple scripts connect to a MySQL server and extract holdings). That core capability is coherent with the skill purpose. However, the DB host, port, username and password are hard-coded in scripts (host: 47.121.180.199, user: 'display', password: 'display999!', database: 'db_strategy'), while the skill metadata declares no required environment variables or credentials. Embedding credentials in the code and failing to declare the need for network/DB access is unexpected and worth noting.

⚠ Instruction Scope

SKILL.md and the scripts instruct the agent to perform actions beyond simple in-memory logic: Node.js scripts connect to a remote MySQL server and run many SQL queries; some scripts call out to other skills and the host via child_process.execSync (examples: running a Python CLI under /root/.openclaw/workspace/skills/new-akshare-stock and invoking an 'agent-browser navigate' command). The skill executes shell commands and assumes access to the agent host filesystem and other skills' directories. These steps broaden the runtime scope (network I/O, filesystem access, execution of other skill code) and could be used to access or transmit data beyond the user's intent if misused.

ℹ Install Mechanism

There is no install spec (instruction-only plus included scripts). That is lower-risk in terms of remote installs, but the scripts require Node.js and the 'mysql' package (declared in SKILL.md) and also expect other skills (new-akshare-stock, cn-web-search, wechat-article-search) to be present and callable. The scripts execute Python/CLI from an absolute path (/root/.openclaw/workspace/skills/new-akshare-stock), which assumes a specific runtime layout and gives them the ability to invoke code located elsewhere on the host.

⚠ Credentials

No required environment variables or primary credential are declared in the skill metadata, but every script contains a hard-coded set of DB credentials (host 47.121.180.199, user 'display', password 'display999!', database 'db_strategy'). The skill also integrates with other skills (new-akshare-stock, cn-web-search, wechat-article-search) but does not declare or request any credentials those integrations might need. Hard-coded secrets in distributed skill code and undocumented dependencies on other skills reduce transparency and are disproportionate to what a user would normally expect from an analysis-only skill.

ℹ Persistence & Privilege

The skill is not marked always:true (good). Default autonomous invocation is allowed (platform default) but that alone is not a disqualifier. The main concern is that scripts invoke child processes and reference absolute host paths (/root/.openclaw/workspace/skills/...), which lets the skill run code from other skill directories and the host environment when executed — increasing the practical privilege/impact of an autonomous invocation if it runs unexpectedly.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install racing-quant-ai
安装完成后，直接呼叫该 Skill 的名称或使用 /racing-quant-ai 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.5.0

**v1.5.0重大更新：全面切换至成熟Skill调用，提升数据稳定性与分析深度。** - 行情、财务及资金流数据全面改为调用成熟skill（如new-akshare-stock），弃用底层akshare接口，保证数据源稳定。 - 个股深度分析增加cn-web-search技能，全网搜索公开信息&机构研报，优先标注公众号深度报告标题。 - 使用微信文章深度搜索/融合机制，整合公众号研究内容于综合分析并自动注释来源。 - 工作流补充兜底规则：多策略匹配时仅列出策略信息，需用户确认后再分析持仓。 - 默认分析个股数量无输入时改为前5只，统一报告结构输出，信息来源和免责声明标准规范。

v1.4.0

**Changelog for v1.4.0** - Added `scripts/check-table.js` script for table checking. - Added `scripts/get-ml1-holdings.js` script to retrieve ML1 holdings from the database.

v1.0.0

Racing Quant AI 1.0.0 – 首发版 - 全新推出A股量化选股分析系统，集策略筛选与个股深度基本面分析于一体。 - 支持基于用户需求自动匹配数据库量化策略，获取最新持仓股票列表。 - 个股分析涵盖五大维度：交易数据、股价走势、资金面、基本面、综合评价，并严格输出风险提示与免责声明。 - 提供多模式交互：关键词检索、分类筛选、智能偏好引导。 - 集成Node.js脚本和miaoda-web-search，便于持仓获取及实时信息分析。

元数据

Slug racing-quant-ai

版本 1.5.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Racing Quant AI 是什么？

赛马量化AI选股系统，集成量化策略选股+个股智能推荐分析。从量化策略数据库筛选符合需求的策略，获取持仓个股，再进行深度分析，最终给出投资参考。触发词：量化选股，racing quant，策略选股，数据库选股，量化分析，AI选股。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 157 次。

如何安装 Racing Quant AI？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install racing-quant-ai」即可一键安装，无需额外配置。

Racing Quant AI 是免费的吗？

是的，Racing Quant AI 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Racing Quant AI 支持哪些平台？

Racing Quant AI 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Racing Quant AI？

由 chenxyzcyxpp（@chenxyzcyxpp）开发并维护，当前版本 v1.5.0。