← Back to Skills Marketplace
439
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install temp-skill
Description
提供基于免费数据源的多资产投资组合分析,支持滚动窗口风险平价调仓及完整回测和图表报告生成。
Usage Guidance
Do not run this skill blindly. Key concerns: (1) The documentation promises live API fetching and asks for an ALPHA_VANTAGE_API_KEY, but the included code shown works only with local CSVs — verify whether any hidden/remaining code does network calls before providing API keys. (2) The manifests/docs disagree about dependencies (yfinance/plotly appear in README/SKILL.md but not in manifest); install only the packages you need and inspect imports. (3) Review the full optimized_risk_parity_skill.py and optimized_main.py for any network, subprocess, or filesystem writes (the provided excerpt is truncated and contains an apparent unfinished return referencing an undefined variable). Run the code in a sandboxed environment with non-sensitive sample CSVs first, and consider static inspection or running with tracing to detect unexpected outbound connections. If you intend to use live APIs, only supply API keys after confirming exactly which module will use them and where keys are read from.
Capability Analysis
Type: OpenClaw Skill
Name: temp-skill
Version: 1.0.0
The skill is classified as suspicious due to potential Local File Inclusion (LFI) and arbitrary file write vulnerabilities. The `optimized_main.py` script accepts arbitrary file paths for `--csv` input and `--output` directory, which are then used by `optimized_risk_parity_skill.py` for reading and writing files. An AI agent could be prompted to supply paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) for reading, or to sensitive directories for writing, potentially leading to information disclosure or denial of service. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection attempts within the markdown files; the identified risks are vulnerabilities in argument handling.
Capability Assessment
Purpose & Capability
The SKILL.md and README claim integration with Yahoo Finance (yfinance), Alpha Vantage, and Finnhub and instruct setting ALPHA_VANTAGE_API_KEY, but the provided Python code focuses on loading local CSV files and contains no obvious network/API calls in the visible portions. The manifest dependencies also omit yfinance/plotly while SKILL.md's pip install list includes them. These discrepancies mean the declared capabilities (live API fetching) do not match the actual code and requirements.
Instruction Scope
Runtime instructions tell the agent/user to run scripts that operate on local CSVs and mention configuring an Alpha Vantage API key. The shipped scripts (optimized_main.py and optimized_risk_parity_skill.py) as shown read local CSV, compute metrics, and write reports/charts — they do not (in the visible code) request or transmit secrets. However the SKILL.md allows/mentions free API sources and an API key; that expands the expected scope but is not reflected in the code. Also the SKILL.md references a default path under C:\Users\... which may cause accidental use of a local file.
Install Mechanism
There is no automated install spec (instruction-only install). That minimizes supply-chain risk from downloads. The SKILL.md suggests pip installing typical data-science packages (pandas/numpy/matplotlib/seaborn/plotly/yfinance). Those are expected for this domain; no remote/executable download URLs are present in the package.
Credentials
The SKILL.md instructs setting ALPHA_VANTAGE_API_KEY but the skill metadata lists no required environment variables and the visible code does not reference any env var. This mismatch is a red flag: either the docs are outdated (harmless) or parts of the skill (not visible in truncated code) use credentials but do not declare them. Users should not supply API keys until confirming where/if they're used.
Persistence & Privilege
The skill does not request persistent or privileged presence (always is false). It appears to operate as a run-on-demand script that reads CSVs and writes reports/charts into the filesystem; no evidence of modifying other skills or agent configs was found in the visible files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install temp-skill - After installation, invoke the skill by name or use
/temp-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
金融分析技能 1.0.0
- 新增投资组合分析工具,支持多资产类型(股票、ETF、加密货币等)
- 集成多种免费行情数据源(Yahoo Finance、Alpha Vantage、Finnhub、CSV)
- 实现文字+图表化投资报告,涵盖收益、风险及资产配置等指标
- 支持滚动窗口风险平价分析及自动回测流程,避免未来数据
- 输出详细报告和多种可视化图表(收益曲线、配置饼图、相关性热力图等)
- 示例配置和报告文档详尽,方便快速上手
Metadata
Frequently Asked Questions
What is Temp Skill?
提供基于免费数据源的多资产投资组合分析,支持滚动窗口风险平价调仓及完整回测和图表报告生成。 It is an AI Agent Skill for Claude Code / OpenClaw, with 439 downloads so far.
How do I install Temp Skill?
Run "/install temp-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Temp Skill free?
Yes, Temp Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Temp Skill support?
Temp Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Temp Skill?
It is built and maintained by wzratgit (@wzratgit); the current version is v1.0.0.
More Skills