← 返回 Skills 市场
121
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install trading-monitor
功能描述
盘中股票盯盘定时任务管理。创建、配置和管理A股交易时段的自动分析任务,包括定时行情播报、深度分析、收盘前最终分析。使用场景:设置盯盘、调整分析频率、查看任务状态、停止/启动任务。触发词:盯盘、设置分析、开盘监控、调整频率、盯盘任务。
安全使用建议
This skill's goal (automated intraday stock analysis) is reasonable, but there are gaps and risky suggestions you should resolve before installing. Specifically: 1) The SKILL.md references deployment and management scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included — ask the publisher where these come from and inspect them before running. 2) The skill suggests changing the gateway exec policy to 'full' — avoid relaxing global exec allowlists unless you have audited the scripts and understand the implications. 3) The skill expects to push messages to channels like Feishu but does not declare required API tokens or how secrets are stored; confirm which credentials are needed and grant the minimum scope. 4) Treat any one‑click deployment script obtained from an external source as untrusted until reviewed; run in a sandbox or staging environment first. If you cannot obtain the missing scripts or a trustworthy source, do not enable the cron tasks or change exec security.
功能分析
Type: OpenClaw Skill
Name: trading-monitor
Version: 1.2.0
The skill bundle facilitates a stock trading monitor but contains instructions in SKILL.md and references/config-guide.md that direct the user to disable security restrictions by setting 'tools.exec.security' to 'full'. It also relies on external PowerShell scripts (scripts/setup.ps1 and scripts/manage.ps1) that are not provided in the file list but are executed with 'ExecutionPolicy Bypass', creating a significant risk for arbitrary code execution. While the stated purpose is benign, the explicit encouragement to lower the environment's security posture is a major red flag.
能力评估
Purpose & Capability
Skill claims to manage scheduled A-share analysis tasks which fits the openclaw cron usage shown, but the SKILL.md repeatedly references local scripts (scripts\setup.ps1, scripts\manage.ps1) that are not included in the package or install spec. The skill also refers to pushing results to channels (feishu) and target IDs yet does not declare or request any channel/API credentials. Requesting or assuming access to messaging channels without declaring how credentials are provided is inconsistent with the stated purpose.
Instruction Scope
Instructions tell the agent/user to run PowerShell deployment and management scripts and to change a gateway-wide setting (`openclaw config set tools.exec.security full`). Asking operators to relax exec allowlist is a scope-expanding action that affects platform security. The messages passed into cron tasks instruct the agent to fetch news, query holdings, analyze markets and send reports — which is within purpose — but because the scripts that implement these steps are absent, it's unclear what code will actually run when the user follows these steps.
Install Mechanism
There is no install spec and no included executable scripts. The SKILL.md expects local scripts under scripts\ but those files are not present in the manifest. That gap means users must obtain scripts from an unspecified external source before deployment — a risky, untracked step.
Credentials
The skill references notification channels (feishu) and target IDs which normally require API tokens or integration credentials, but requires.env and primary credential are empty. That mismatch suggests the skill will need secrets/configuration that are not declared. Additionally, the guidance to set exec security to 'full' broadens what cron tasks can execute and may enable actions beyond the stated monitoring purpose.
Persistence & Privilege
The skill is not always: true, but it instructs creating recurring cron jobs in the platform and explicitly recommends changing gateway exec security; combined, these create persistent automated tasks that can execute system commands. The skill does not modify other skills, but asking operators to relax a global security policy is a noteworthy privilege escalation risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trading-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/trading-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
v1.2.0: 添加消息分级支持、交易时段过滤、静默模式
v1.1.0
- 新增完整中文说明文档,详细介绍盯盘系统的使用场景、任务类型和命令管理。
- 增加一键部署/管理脚本示例,以及高级自定义参数和配置指导。
- 补充常见任务Cron表达式模板,涵盖高频/低频及盘前、收盘前分析。
- 新增常见问题与错误排查说明,方便用户自助解决配置和权限问题。
- 明确各参数用途及默认值,提升用户上手和配置效率。
元数据
常见问题
trading-monitor 是什么?
盘中股票盯盘定时任务管理。创建、配置和管理A股交易时段的自动分析任务,包括定时行情播报、深度分析、收盘前最终分析。使用场景:设置盯盘、调整分析频率、查看任务状态、停止/启动任务。触发词:盯盘、设置分析、开盘监控、调整频率、盯盘任务。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 121 次。
如何安装 trading-monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trading-monitor」即可一键安装,无需额外配置。
trading-monitor 是免费的吗?
是的,trading-monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
trading-monitor 支持哪些平台?
trading-monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 trading-monitor?
由 changle(@cle87937-code)开发并维护,当前版本 v1.2.0。
推荐 Skills