← Back to Skills Marketplace
oldhouse-g

M估值法

by oldhouse-g · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
398
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install m-valuation
Description
基于ROIC和CAPM的5步股票估值方法,提供资格筛选、内在价值计算及风险与情景分析。
README (SKILL.md)

M估值法

基于ROIC和CAPM的股票估值方法,由蟹老板创建。

概述

完整的5步股票估值分析框架:

  1. 资格筛选(ROIC > w)
  2. 核心参数计算
  3. 内在价值计算
  4. 估值决策与风险分析
  5. 情景分析

使用方法

当用户说"用M估值法分析[股票]"时,使用此skill:

python3 ~/.openclaw/workspace/skills/m-valuation/valuation.py \x3C股票代码> [名称]

# 示例
python3 ~/.openclaw/workspace/skills/m-valuation/valuation.py 000333 美的集团
python3 ~/.openclaw/workspace/skills/m-valuation/valuation.py 600036 招商银行

触发词

  • "M估值法"
  • "用M估值法分析"
  • "M估值"

数据来源

  1. Tushare API - A股财务数据
  2. Tavily搜索 - 获取β系数、非A股数据

核心公式

  • w = Rf + β × (Rm - Rf)
  • d = 分红率 = D₀/E
  • g = (1-d) × ROIC
  • PE = d × (1+g) / (w - g)
  • 预期收益率 = 股息率 + g

输出内容

  • 资格筛选结果
  • 核心参数(股息率、预期收益率)
  • 内在价值
  • 风险分析(股息风险、成长风险)
  • 情景分析(零增长/3%增长PE)
  • 投资建议
Usage Guidance
This skill likely implements the advertised valuation method, but it has several red flags you should address before installing or running it: (1) The Python file contains hardcoded API keys (a TAVILY_API_KEY and a Tushare pro token). Do not run it if you do not trust these keys or their owner — they may be tied to someone else’s account or be abused. (2) The script calls a Node script at an absolute path (/root/.openclaw/.../tavily-search/scripts/search.mjs) and requires the 'node' binary and the 'tushare' Python package, none of which are declared in the manifest. Confirm those dependencies and that the referenced Node script is legitimate. (3) Prefer that the author remove hardcoded credentials and instead accept user-provided API keys via declared env vars, and explain/install required binaries. (4) If you want to test it: run in an isolated sandbox/container, monitor network calls, and replace the embedded tokens with your own keys (or delete them) before using. Ask the publisher to (a) declare required binaries and env vars, (b) remove or justify embedded keys, and (c) avoid absolute /root paths so the skill is portable and auditable.
Capability Analysis
Type: OpenClaw Skill Name: m-valuation Version: 1.0.0 The `valuation.py` script contains hardcoded API keys for both Tavily and Tushare, which is a significant security vulnerability as it exposes credentials. Additionally, the script uses `subprocess.run` to execute an external Node.js script (`tavily-search/scripts/search.mjs`) and passes user-controlled input (stock name/code) as arguments. While the input is passed as distinct arguments, this pattern creates a potential second-order shell injection vulnerability if the `search.mjs` script itself is not robust against argument injection, allowing for arbitrary command execution. These issues are security flaws rather than clear evidence of intentional malicious behavior.
Capability Assessment
Purpose & Capability
The skill claims to perform ROIC/CAPM valuation using Tushare and 'Tavily' search. However, the code embeds a hardcoded TAVILY_API_KEY and a hardcoded Tushare pro token (pro_api call) instead of declaring required credentials. The manifest declares no required env vars or binaries, but the script clearly depends on the 'tushare' Python package, the 'node' binary, and a local Node script at an absolute path (/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs). Those dependencies and credentials are not reflected in the skill metadata and are disproportionate to what the SKILL.md states.
Instruction Scope
SKILL.md instructs the agent to run the included Python script for valuation (in-scope). The script however invokes external Node search scripts via subprocess (sending text queries to a tavily-search script), sets an API key in the environment at runtime, and uses a hardcoded Tushare API token. The code thus performs network searches and remote API calls beyond the single-step valuation described in the SKILL.md; it also relies on a specific local filesystem layout (/root/...) which is not documented. While these actions could be legitimate for data collection, they expand the runtime scope without being declared.
Install Mechanism
There is no install spec but the code depends on external tooling: 'node' and a local Node script, plus the 'tushare' Python package. The manifest lists no required binaries or packages. The skill therefore risks failing or invoking unexpected local scripts/executables (absolute /root path). No package provenance or install safety is provided.
Credentials
The skill declares no required environment variables or credentials, yet the code sets os.environ['TAVILY_API_KEY'] to a literal API key and calls ts.pro_api(...) with a hardcoded token. Hardcoded credentials are a red flag: they may be leaked/stolen credentials or tie API usage to the author's account. The script overwrites/sets an env var at process startup without declaring it, and it does not provide a way to supply the user's own credentials via declared env vars.
Persistence & Privilege
The skill does not request persistent installation (always: false) and does not appear to modify system-wide settings or other skills. It does set an environment variable only within the process and invokes subprocesses. That limits persistence, but the subprocesses call remote services and depend on local scripts, increasing runtime risk. No evidence of writing persistent credentials or altering other skills was observed in the provided files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install m-valuation
  3. After installation, invoke the skill by name or use /m-valuation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
M估值法 skill 1.0.0 — 基于ROIC和CAPM的股票估值分析框架上线。 - 支持完整5步股票估值流程,包括筛选、参数计算、内在价值、风险与情景分析。 - 命令行支持:python3 ~/.openclaw/workspace/skills/m-valuation/valuation.py <股票代码> [名称]。 - 提供A股与非A股(通过Tushare API与Tavily搜索)财务及β系数数据获取。 - 输出涵盖资格筛选、核心估值参数、价值与风险结论,以及投资建议。 - 集成多种触发词:“M估值法”“用M估值法分析”“M估值”。
Metadata
Slug m-valuation
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is M估值法?

基于ROIC和CAPM的5步股票估值方法,提供资格筛选、内在价值计算及风险与情景分析。 It is an AI Agent Skill for Claude Code / OpenClaw, with 398 downloads so far.

How do I install M估值法?

Run "/install m-valuation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is M估值法 free?

Yes, M估值法 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does M估值法 support?

M估值法 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created M估值法?

It is built and maintained by oldhouse-g (@oldhouse-g); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments