← Back to Skills Marketplace
Portfolio Risk Desk
by
prashamshah115
· GitHub ↗
· v1.0.2
· MIT-0
113
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install portfolio-risk-desk
Description
Generate a portfolio-aware daily or on-demand risk analysis brief from public market data, company updates, earnings material, and macro context, then emit a...
Usage Guidance
This skill appears to implement the portfolio briefing it advertises, but there are two things to check before installing: (1) Resolve the metadata mismatch — the registry claims no required env vars while SKILL.md and the README require APIFY_API_TOKEN (and optionally CIVIC_CLIENT_ID/NOTION_PARENT_PAGE_ID). If you do not want the skill to use your Apify account, do not supply APIFY_API_TOKEN or set ENABLE_LIVE_PROVIDERS=false. (2) Audit the retrieval/bootstrap code (apify_bootstrap.py and retrieval adapters) to confirm exactly what network calls and task creation the skill will perform with APIFY_API_TOKEN. Treat APIFY_API_TOKEN as a high-privilege secret (it can create/run tasks and access scraped data). If you rely on host-managed Notion or Redis, confirm the host implements those handoffs and that the skill will not perform direct writes. If unsure, run the package in a local sandbox with live providers disabled and review the output and tests first.
Capability Analysis
Type: OpenClaw Skill
Name: portfolio-risk-desk
Version: 1.0.2
The Portfolio Risk Desk skill is a well-structured financial analysis tool designed to generate market briefs. It uses Apify for web and social media retrieval and prepares structured handoff payloads for Notion. Security analysis of the Python source code and SKILL.md instructions reveals no malicious behavior, data exfiltration, or unauthorized persistence. The tool utilizes a secure 'handoff' architecture where the host environment (OpenClaw) manages sensitive API interactions and memory, minimizing the skill's direct attack surface. All network activity is directed to the legitimate Apify API (api.apify.com) as defined in apify_bootstrap.py and retrieval.py.
Capability Assessment
Purpose & Capability
The package implements retrieval, normalization, ranking, synthesis, rendering, and a Notion handoff which matches the described purpose. However, the registry summary at the top lists no required environment variables while SKILL.md (and README/clawhub.json) declares APIFY_API_TOKEN (required) and other optional host-scoped variables; that metadata mismatch is unexpected and should be resolved.
Instruction Scope
SKILL.md and the code focus on gathering public-market evidence, synthesizing it, and emitting a host-consumable handoff. The runtime instructions include an Apify bootstrap step (APIFY_API_TOKEN) and expect the host to perform Notion writes and memory persistence. There are no instructions that ask the agent to read unrelated local secrets or arbitrary host files in the visible files, but retrieval and delivery code (e.g., apify bootstrap and retrieval adapters) are present and should be audited for exact network behavior before use.
Install Mechanism
No install spec is provided (instruction/code bundle included). The package is a normal Python project with no external download/install-from-URL steps listed in the manifest. This reduces install-time supply-chain risk compared to remote installers.
Credentials
SKILL.md lists APIFY_API_TOKEN as required and documents bootstrap behavior that uses that token; that is proportionate to live web retrieval via Apify but the registry metadata omitted any required env vars. The code only enforces the token when enable_live_providers is true, so SKILL.md's unconditional 'required: true' is inconsistent. APIFY_API_TOKEN grants the skill (or whoever runs bootstrap) the ability to act against the user's Apify account — treat it as a high-privilege secret. CIVIC_CLIENT_ID and NOTION_PARENT_PAGE_ID are optional and align with host-managed functionality.
Persistence & Privilege
The skill does not request persistent inclusion (always: false). It produces handoff payloads intended for the host to write to Notion or memory; it does not itself modify other skills or system-wide settings in the visible code. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install portfolio-risk-desk - After installation, invoke the skill by name or use
/portfolio-risk-desk - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Addressed some security concerns regard APIFY.
v1.0.1
Addressed security concerns and some latency issues.
v1.0.0
Initial ClawHub release with automatic Apify bootstrap and host-managed Redis/Notion handoff.
Metadata
Frequently Asked Questions
What is Portfolio Risk Desk?
Generate a portfolio-aware daily or on-demand risk analysis brief from public market data, company updates, earnings material, and macro context, then emit a... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.
How do I install Portfolio Risk Desk?
Run "/install portfolio-risk-desk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Portfolio Risk Desk free?
Yes, Portfolio Risk Desk is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Portfolio Risk Desk support?
Portfolio Risk Desk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Portfolio Risk Desk?
It is built and maintained by prashamshah115 (@prashamshah115); the current version is v1.0.2.
More Skills