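📦 DWLF — Crypto and Stock Market Analysis
v1.0.0 Gives agents native access to the DWLF platform, with one-step access to crypto and stock market data, candlestick indicators, strategy backtests, trading signals, portfolio tracking, trade journals, and academy content.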
Last updated
2026/2/28
Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to be a functional DWLF client, but review these points before installing:
- Credential handling: The helper script expects DWLF_API_KEY (and optionally DWLF_API_URL). The skill metadata does not declare that requirement — treat the absence as a packaging oversight. Provide the API key via the DWLF_API_KEY env var rather than storing it in a shared file.
- TOOLS.md parsing: The script attempts to grep your TOOLS.md for the literal phrase "Jenna's own key" to extract an API k...
ℹ Purpose and capabilities
The skill's endpoints, examples, and included script match the described DWLF market-analysis purpose (market data, signals, annotations, backtests, etc.). However, the metadata does not declare the API key or other env vars even though the code requires DWLF_API_KEY and optionally DWLF_API_URL/TOOLS_MD. That omission is inconsistent with the stated purpose/requirements.
⚠ Instruction scope
SKILL.md instructs the agent to call many read/write endpoints (create/update/delete annotations, trades, trade-plans, backtests). The included script will attempt to read a local TOOLS.md file to extract an API key (using a grep for the literal string "Jenna's own key"). That is a brittle, user-specific heuristic that causes the skill to read a local file for credentials and could inadvertently harvest other keys stored there. The rest of the instructions are within scope for a DWLF client.
✓ Install mechanism
No install spec (instruction-only with a small included helper script). This is low risk from arbitrary remote code installation — nothing is downloaded or executed beyond the packaged script and standard curl/jq usage.
⚠ Credential requirements
The skill requires an API key to operate, but requires.env and primary credential fields are empty in metadata. The runtime script reads DWLF_API_KEY and DWLF_API_URL env vars (and falls back to parsing TOOLS.md). Requesting access to an API key is proportionate, but not declaring it in metadata is inconsistent and the TOOLS.md parsing (with a hardcoded search for "Jenna's own key") is inappropriate and potentially exposes other secrets kept in that file.
✓ Persistence and privileges
always:false and no OS restrictions; the skill does not request permanent platform-wide presence and doesn't modify other skills or system settings. It can perform write actions on the DWLF account (annotations, trades, deletes) which is expected for a full-featured client — consider limiting agent autonomy (see guidance).
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/2/1
● Benign
Install command
Official: npx clawhub@latest install dwlf
Mirror: npx clawhub@latest install dwlf --registry https://cn.longxiaskill.com