← Back to Skills Marketplace
光通信投资分析框架
by
SeanWeiSean
· GitHub ↗
· v2.0.0
· MIT-0
162
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install optical-comm-investing
Description
AI光通信产业链投资分析框架(自迭代)。基于闷得而蜜160篇专栏+查尔斯大风车15篇长文的系统性整理,支持持续学习新帖自动追加。用于:(1)分析光通信相关股票(光模块/光芯片/PCB/CPO/NPO/OCS概念股),(2)判断技术路线(InP/硅光/TFLN/CPO/NPO/XPO),(3)评估标的质量(九字诀/...
Usage Guidance
This skill appears to be a legitimate investment analysis framework, but its optional self-update feature asks the agent to use browser automation with an "already logged" Chrome profile. That can expose session cookies and other browser state. Before installing or enabling the self-update capability: 1) Prefer using the analysis functions without enabling automated updates; request/submit new posts/URLs manually instead of granting browser-profile access. 2) If you want automatic updates, require the skill author to declare that dependency in metadata and explain exactly what browser-tool and profile access is needed and how credentials/session data are isolated and not exfiltrated. 3) Verify platform-level sandboxing for the browser tool: confirm it cannot read other browser profiles or arbitrary local files and that it does not leak cookies to remote endpoints. 4) Ensure the skill cannot run autonomous updates without explicit, per-update user consent; consider turning off autonomous invocation or adding an approval gate. 5) Review the appended reference files (and the update log) after any update to confirm only the intended content was added and nothing sensitive was captured. If you are not comfortable granting browser-profile access, use the skill in read-only/manual-update mode.
Capability Analysis
Type: OpenClaw Skill
Name: optical-comm-investing
Version: 2.0.0
The skill bundle provides an investment analysis framework for optical communications with a 'self-iteration' feature that instructs the AI agent to use browser tools to scrape external content from Xueqiu (xueqiu.com). Critically, SKILL.md requests the use of a logged-in browser profile (profile='user') to access full article text, which poses a significant risk of session/cookie exposure. Furthermore, the automated process of reading and 'extracting' information from untrusted external web posts into local reference files creates a major surface for indirect prompt injection, where malicious content on the target website could hijack the agent's execution logic.
Capability Assessment
Purpose & Capability
The skill's name and description match the included reference files and analysis steps: the bundle is a domain-specific investment framework for optical-communications and contains many reference documents used by the analysis logic. The optional 'self-iteration' feature (fetching new posts from Xueqiu) is logically related to the stated purpose. However, the SKILL.md explicitly requires a browser automation tool and an already-logged Chrome profile to read gated posts — yet the skill metadata declares no required config paths, credentials, or environment variables. That mismatch (needing access to a user browser profile but not declaring it) is a design inconsistency.
Instruction Scope
Runtime instructions operate only on local reference files for analysis (OK), and they describe an optional update flow that scrapes specific Xueqiu user pages and reads comment threads. The update flow requires a browser tool and directs use of an "already logged" Chrome profile (profile="user"). Even though the SKILL.md states the update runs only on explicit user trigger and promises not to store credentials or run in background, asking to use a user's logged browser profile can expose cookies/session state and other sites' auth data. The instructions also tell the agent to edit local reference files (append-only), which means the skill will modify its own stored documents — expected, but worth auditing. Overall the update steps stay within purpose but they request access to user browser state that is not limited or declared.
Install Mechanism
This skill is instruction-only with no install spec and no code files, so it does not download or install arbitrary third-party code. That is low-risk from an installation perspective.
Credentials
Declared metadata requests no environment variables, binaries, or config paths, which is sensible for a static reference-driven analysis. But the SKILL.md nonetheless requires a browser automation tool and an already-logged Chrome profile for its self-update feature. Requesting access to a user's browser profile (session cookies, logged-in state) is a high-privilege action that is not reflected in the declared requirements and lacks justification in the metadata. This gap is a proportionality concern: either the metadata should declare this dependency and explain safeguards, or the skill should accept user-provided URLs/content instead of requiring profile access.
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (disable-model-invocation:false) which is platform default — by itself acceptable. Combined with the undeclared browser-profile requirement this increases risk: if the agent were ever permitted to autonomously run the self-update flow, it could access a logged browser session. The SKILL.md states updates run only on explicit user triggers and will not run in background, but that is an instruction-level policy, not an enforced platform guarantee. Also the skill writes appended data to its own reference files (edit), which is expected for a self-iterating knowledge base but should be auditable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install optical-comm-investing - After installation, invoke the skill by name or use
/optical-comm-investing - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
重构:拆分为core-framework + 14个股档案 + 按日期帖子存档。修复闷蜜userid。新增查尔斯InP MZM分析、五大金牛专栏等4/21内容。
v1.0.1
Fix: 声明自迭代功能的前置依赖(浏览器+雪球登录态),明确隐私边界和用户触发机制
v1.0.0
Initial release: AI光通信产业链投资分析框架,含自迭代功能
Metadata
Frequently Asked Questions
What is 光通信投资分析框架?
AI光通信产业链投资分析框架(自迭代)。基于闷得而蜜160篇专栏+查尔斯大风车15篇长文的系统性整理,支持持续学习新帖自动追加。用于:(1)分析光通信相关股票(光模块/光芯片/PCB/CPO/NPO/OCS概念股),(2)判断技术路线(InP/硅光/TFLN/CPO/NPO/XPO),(3)评估标的质量(九字诀/... It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.
How do I install 光通信投资分析框架?
Run "/install optical-comm-investing" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 光通信投资分析框架 free?
Yes, 光通信投资分析框架 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 光通信投资分析框架 support?
光通信投资分析框架 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 光通信投资分析框架?
It is built and maintained by SeanWeiSean (@seanweisean); the current version is v2.0.0.
More Skills