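Longbridge Securities quantitative trading integration - automated oversold/momentum strategies + Feishu push notifications + performance tracking. Supports automated trading of Hong Kong and US stocks, monitoring every 5 minutes, and take-profit/stop-loss management. Suited to individual investors and quant enthusiasts who want to automate their trading.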
Security Analysis
High confidence: The skill's files, install steps, and required environment variables are consistent with an automated LongPort trading integration; it requests only LongPort API credentials needed to trade and uses Python code to perform scanning, backtesting and order submission.
Name/description (LongPort quantitative trader) align with the code and requirements: code imports longport.openapi, submits orders, monitors quotes, and sends Feishu notifications. Required env vars are LongPort credentials which are expected for this purpose. Required binary (python3) and pip dependencies (longport, python-dotenv) are appropriate.
SKILL.md and SETUP_GUIDE instruct running monitoring/trading scripts (e.g., quant_monitor.py, hk_scanner_full.py) and storing API keys either as env vars or in a config.py/.env. The runtime instructions and code do perform account queries and order submission (expected), and write local state files (e.g., /tmp/auto_trade_state.json). Minor inconsistency: SKILL.md shows editing config.py while most code uses Config.from_env() and dotenv — this may lead users to store secrets on disk if they follow the config.py guidance. No instructions request unrelated files, credentials, or external endpoints beyond LongPort and optional Feishu.
Install spec only bootstraps Python via Homebrew ([email protected]). SKILL.md also instructs pip installing 'longport' and 'python-dotenv' (expected). There are no downloads from untrusted URLs or archive extraction in the install spec. Overall install approach is proportionate.
Declared required env vars are LONGPORT_APP_KEY, LONGPORT_APP_SECRET, LONGPORT_ACCESS_TOKEN — these map directly to the trading API and are necessary for automated trading. No unrelated credentials are requested. Note: those credentials allow placing real trades; the skill's access is powerful and should be limited to appropriate accounts (use sandbox/test keys if available). Feishu webhook is optional and not listed as required.
Skill is not marked always:true and uses normal autonomous invocation. It creates/writes small local state and performance files under /tmp (and suggests local config/.env). It does not request system-wide configuration changes or modify other skills. Autonomous invocation combined with trading credentials implies high potential impact (financial) but that impact is coherent with the stated purpose.
Guidance
This skill appears to be what it says: an automated LongPort trading toolkit that will read market data and can submit real orders if given your LongPort credentials. Before installing, consider:
1) Use a sandbox or simulated account to validate behavior (do not use real money until tested).
2) Do NOT commit API keys to source control — prefer environment variables or a secrets manager; if you follow the config.py suggestion, delete keys from disk afterward.
3) Limit the credentials' permissions if LongPort supports scoped tokens; use a read-only token or a test token where possible and rotate/revoke keys after testing.
4) Review the 'longport' Python package source (PyPI/GitHub) and examine any network calls if you require stronger assurance.
5) If you enable Feishu webhook notifications, treat webhooks as secrets.
6) Because the skill can place trades, run it on a dedicated device and monitor logs and order history closely to detect unexpected activity.
Latest Release
v1.0.0
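longport-quant-trader v1.0.0
- Initial release, integrating automated quantitative trading for Hong Kong and US stocks.
- Supports oversold dip-buying and momentum-chasing strategies, with built-in take-profit/stop-loss management.
- Provides Feishu push notifications; monitoring results and performance are pushed in real time.
- Scans the market automatically every 5 minutes to capture buy and sell opportunities.
- Supports performance tracking, personalized parameter configuration and custom stock pools.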
Published by @fxm1618-gmail on ClawHub