← 返回 Skills 市场

Smc Trading Signal

Name: Smc Trading Signal
Author: zt6558609-cpu

作者 zt6558609-cpu · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

139

总下载

当前安装

版本数

在 OpenClaw 中安装

/install smc-trading-signal-cn

功能描述

SMC 聪明钱交易信号监控，1H 定方向 +15M 入场，ATR 动态止盈止损。支持黄金/加密货币/外汇。

安全使用建议

Things to check before installing: - Ask the maintainer why the skill metadata lists a required binary named 'uv' — it's not referenced by the scripts and may be a metadata mistake. - Inspect monitor_v2.py fully (it is executed via exec in monitor.py). Exec-ing a local file runs arbitrary code from the skill directory; confirm its contents are acceptable and review for hidden actions. - Note the scripts call external endpoints (hq.sinajs.cn and Yahoo). The Sina request disables TLS verification (verify=False), which can make network traffic vulnerable to interception—consider running only on a trusted network or patching the request to enable certificate verification. - The skill doesn't require secrets, but it performs network I/O and writes output files under the skill workspace. Run it first in a sandbox or isolated environment, and create a Python virtualenv with explicit pip installs (requests, akshare if you need it) rather than relying on system packages. - The SKILL.md and README point to a GitHub repo; review that repository and recent commits for further context and verify the maintainer identity before trusting signals for live trading. - Because the skill is not marked for automatic trading, it will only produce signals — do not provide any trading API keys unless you explicitly add and audit code to support safe automated execution.

功能分析

Type: OpenClaw Skill Name: smc-trading-signal-cn Version: 1.0.1 The skill bundle is classified as suspicious due to high-risk coding practices that introduce significant security vulnerabilities. Specifically, `scripts/monitor.py` uses `exec()` to dynamically execute the contents of `scripts/monitor_v2.py`, a pattern that facilitates arbitrary code execution if the bundle's files are tampered with. Additionally, `scripts/monitor_v2.py` performs network requests to Sina Finance (`hq.sinajs.cn`) with SSL verification explicitly disabled (`verify=False`), exposing the agent to Man-in-the-Middle (MITM) attacks. While these behaviors appear to be unintentional security flaws rather than deliberate malware, they represent a high-risk attack surface.

能力评估

⚠ Purpose & Capability

The skill claims to be a Python-based trading signal monitor — python3 is a reasonable requirement. However the declared required binary 'uv' is unexplained and not referenced in the scripts; this is an incoherence that should be justified or removed. Otherwise the files (monitor.py / monitor_v2.py, config/*.json) and described features match the stated purpose.

ℹ Instruction Scope

SKILL.md tells the agent to run the included Python script and edit config files — that aligns with the purpose. Implementation details to note: monitor.py exec()'s the contents of monitor_v2.py (running code by reading+exec is riskier than a normal import), the scripts perform network requests to external data sources (sina/yahoo), and the sina request intentionally sets verify=False (disables TLS verification). The scripts write output files under the skill workspace. None of these actions contradict the stated purpose, but exec() and disabled TLS are implementation risks to review.

✓ Install Mechanism

There is no install spec (instruction-only install), which is the lowest installer risk. The package relies on Python libraries (requests, optional akshare) but does not declare or install them — the user will need to provide these. No remote downloads or installers are executed by the skill metadata itself.

✓ Credentials

The skill declares no required environment variables or credentials, which is appropriate for a read-only market-data signal generator. The scripts do perform outbound HTTP calls to public finance APIs (expected). There are no requests for unrelated credentials or system-level config paths.

✓ Persistence & Privilege

The skill does not request always:true or other elevated platform privileges. It does write signal files into its own workspace/output directory and suggests adding a cron job via openclaw — both are within expected behavior for a monitoring skill and do not appear to modify other skills or global agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install smc-trading-signal-cn
安装完成后，直接呼叫该 Skill 的名称或使用 /smc-trading-signal-cn 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- 新增 scripts/monitor_v2.py，加入第二版监控脚本。 - 更新 scripts/monitor.py，优化相关逻辑。 - 更新 README.md，反映新增和变化的脚本。

v1.0.0

SMC 聪明钱交易信号监控首次发布： - 支持 1 小时定方向、15 分钟精确入场的 SMC 策略 - ATR 动态计算止盈止损，适应市场波动 - 覆盖黄金、加密货币、外汇品种，实时监控与信号推送 - 提供教学模式与历史回测数据功能 - 开放详细配置与风险控制选项

元数据

Slug smc-trading-signal-cn

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Smc Trading Signal 是什么？

SMC 聪明钱交易信号监控，1H 定方向 +15M 入场，ATR 动态止盈止损。支持黄金/加密货币/外汇。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 139 次。

如何安装 Smc Trading Signal？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install smc-trading-signal-cn」即可一键安装，无需额外配置。

Smc Trading Signal 是免费的吗？

是的，Smc Trading Signal 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Smc Trading Signal 支持哪些平台？

Smc Trading Signal 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Smc Trading Signal？

由 zt6558609-cpu（@zt6558609-cpu）开发并维护，当前版本 v1.0.1。