← Back to Skills Marketplace

Rally

Name: Rally
Author: indigokarasu

by Indigo Karasu · GitHub ↗ · v3.0.1 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ocas-rally

Description

Research, score, and plan long-only portfolio allocations and trades for public markets with risk constraints and explainable decisions.

Usage Guidance

This skill looks coherent for portfolio research and constrained allocation planning, but take these precautions before installing or enabling: 1) Inspect the GitHub repository referenced by the skill (https://github.com/indigokarasu/rally) so you know exactly what the self-update will fetch. 2) Keep config.execution.enabled = false until you review broker integrations and confirm any broker credentials are only provided to explicit, audited integration steps. 3) If you do not want automated runs or auto-updates, disable cron registration / rally.update or run them manually. 4) Only provide QUIVERQUANT_API_KEY if you want the congressional_flow signal; it is optional. 5) Verify that writing to ~/openclaw/data/ocas-rally/ and ~/openclaw/journals/ocas-rally/ matches your storage/permission policies and back up any sensitive files. If you want higher assurance, ask the publisher for a signed release tarball or review the repo history and install steps before enabling self-update or scheduling.

Capability Analysis

Type: OpenClaw Skill Name: ocas-rally Version: 3.0.1 The skill provides a comprehensive framework for financial portfolio management, including universe screening and trade planning. It is classified as suspicious due to high-risk capabilities documented in SKILL.md, specifically a self-update mechanism (rally.update) that uses shell commands to download, extract, and overwrite its own code from a remote GitHub repository (github.com/indigokarasu/rally). Additionally, it automatically registers persistence via cron jobs (rally:daily and rally:update). While these features are aligned with the stated purpose of a self-maintaining autonomous agent, they represent significant attack surfaces for remote code execution and supply chain compromise.

Capability Assessment

✓ Purpose & Capability

Name, description, commands, and declared filesystem read/write paths all match a portfolio research/plan workflow. Optional QUIVERQUANT_API_KEY (for congressional trades) is appropriate for the described congressional_flow feature. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md limits actions to portfolio ingestion, universe screening, signal computation, plan generation, journaling, and local JSONL persistence in ~/openclaw/data/ocas-rally and journals. It also documents cron registration (daily jobs) and a self-update command that pulls from GitHub — these are consistent with the operating model but are side-effectful (network and system-scheduling access) and worth reviewing.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only), though the SKILL.md/frontmatter suggests installing from a GitHub URL. Instruction-only reduces upfront install risk, but the self-update mechanism (rally.update) implies future code pulled from GitHub may be executed or used by the skill; verify the upstream repo before enabling auto-updates.

✓ Credentials

The only declared optional credential is QUIVERQUANT_API_KEY for an optional congressional-flow signal. No broad or unrelated environment variables or secrets are requested. Filesystem access is scoped to the skill's own data and journal directories under the user's home, which is proportionate for persistent portfolio state.

ℹ Persistence & Privilege

always:false and execution is disabled by default; however, the skill expects to create local data files and register cron jobs (daily reporting and self-update). Combined with the self-update capability, this gives the skill ongoing presence and the ability to fetch code — acceptable for this use case but warrants manual review and conservative defaults (keep execution disabled, require explicit deployment approvals).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ocas-rally
After installation, invoke the skill by name or use /ocas-rally
Provide required inputs per the skill's parameter spec and get structured output

Version History

v3.0.1

- Improved documentation for the ocas-rally skill, including detailed usage guidance, responsibility boundaries, commands, configuration, storage layout, and OKRs. - Added clear instructions for initialization, journal outputs, and when to use or avoid the skill. - Provided default configuration and storage file layout for easier setup. - Highlighted hard boundaries, risk management, and cooperation with related skills. - Included comprehensive command list for portfolio research, scoring, allocation, planning, and reporting tasks.

Metadata

Slug ocas-rally

Version 3.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Rally?

Research, score, and plan long-only portfolio allocations and trades for public markets with risk constraints and explainable decisions. It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.

How do I install Rally?

Run "/install ocas-rally" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Rally free?

Yes, Rally is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Rally support?

Rally is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Rally?

It is built and maintained by Indigo Karasu (@indigokarasu); the current version is v3.0.1.

More Skills