持仓诊断

持仓诊断技能(Tushare驱动版)——专为A股投资者设计。当用户说"帮我诊断持仓"、"看看我的股票组合"、"仓位合理吗"、"持仓风险大吗"、"我的组合夏普比率多少"时触发。使用Tushare SDK获取实时行情和历史数据，进行包含波动率、Beta、夏普比率、最大回撤在内的量化风险诊断，并生成专业诊断报告,包含：...

This package is a thin 'Prana/Claw' client, not a local Tushare implementation: it forwards your messages and portfolio data to a remote service for execution. Important things to consider before installing or running: - Data leaving your environment: The scripts POST user messages to remote endpoints (agent-run/agent-result). If you share private portfolio data, it will be transmitted to that remote service. - Automatic credential fetch and on-disk storage: By default the client will call GET /api/v1/api-keys on a base URL (defaults to https://claw-uat.ebonex.io/) and, if successful, write a public_key:secret_key line into config/api_key.txt. If you do not want keys written, set PRANA_SKILL_SKIP_WRITE_API_KEY=1 or disable auto-fetch via PRANA_SKILL_NO_AUTO_API_KEY=1 and supply PRANA_SKILL_PUBLIC_KEY / PRANA_SKILL_SECRET_KEY or PRANA_SKILL_API_KEY yourself. - Default base URL is a staging/test domain: Unless you set NEXT_PUBLIC_URL to a production/trusted endpoint, the client will contact the default claw-uat.ebonex.io host. Verify the target service and privacy policy before sending sensitive data. - Manifest/documentation mismatch: The skill frontmatter claims 'Tushare驱动' but no Tushare code is included locally — processing happens remotely. Ask the publisher where execution runs and whether Tushare or other vendor services will receive your data. Recommendations: - If you trust the remote Prana/Claw service and understand the credential handling, you can proceed but set PRANA_SKILL_SKIP_WRITE_API_KEY=1 if you prefer not to persist keys. - If you do not want your portfolio data or platform credentials sent to a remote endpoint you don't control, do not install/run this skill. - Ask the publisher for the canonical remote base URL, privacy/security policy, and confirmation that the remote service actually uses Tushare and will not retain or misuse your data. Confidence note: medium — the code is straightforward and readable, so the behaviors described are clear; the primary uncertainty is whether the remote service behavior/policies are appropriate for your data and whether the default base URL is intended for production.

Type: OpenClaw Skill Name: portfolio-diagnosis Version: 1.0.2 The skill bundle acts as a thin client for a remote portfolio diagnosis service hosted at claw-uat.ebonex.io. The Python and Node.js scripts (prana_skill_client.py/js) are designed to forward user-provided portfolio data to a remote API and retrieve analysis results. Key behaviors include automatic API key retrieval from the remote server and local persistence in config/api_key.txt, which are documented and aligned with the stated purpose of a SaaS-backed financial tool. No evidence of data exfiltration of sensitive local files, malicious execution, or prompt injection was found.