← Back to Skills Marketplace
Private Fund Portfolio Analysis
by
xiaoerdata
· GitHub ↗
· v1.6.0
· MIT-0
124
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install private-fund-portfolio-analysis
Description
私募基金持仓结构分析脚本构建方法。支持市场中性(期货空头对冲)和指数增强(持仓 vs 对标指数超配/低配)两种产品类型。当需要从私募基金估值表(XLS/XLSX)解析持仓,分析行业分布/市值分布/指数成分/期货对冲,并生成可视化报告时触发。也用于:生成持仓分析脚本、重构脚本、添加新数据源、修复脚本Bug、生成分析报告。
Usage Guidance
Don't install or run this skill as-is. The SKILL.md contains an explicit MySQL connection snippet with a concrete IP and password default — either that is an accidental leak of real credentials or a dangerous placeholder. Before proceeding: 1) Ask the publisher to remove any embedded credentials and to declare required environment variables in the skill metadata. 2) If you must run it, run in an isolated environment (no access to your production networks), and verify the MySQL host is one you control; treat the embedded credential as potentially live and change passwords if that host is yours. 3) Inspect the code and test with synthetic XLS files locally (disable network calls) to confirm behavior. 4) If the skill needs DB access, require explicit, user-provided credentials (no defaults) and document why the DB is needed. 5) Restrict outbound network access or run behind a firewall while reviewing. These steps will reduce the risk of unintended data exfiltration or accidental use of unknown credentials.
Capability Analysis
Type: OpenClaw Skill
Name: private-fund-portfolio-analysis
Version: 1.6.0
The skill bundle contains hardcoded MySQL credentials (user: 'readonly_user', password: 'w6w%vkXENC82PGZo') and a specific external IP address (43.138.222.153) in SKILL.md and references/data_sources.md. While the stated purpose is to fetch industry classification data, providing default credentials to an external server is a significant security risk and a common indicator of potential data exfiltration or tracking. Additionally, the skill relies on an AI agent generating and executing complex Python scripts (via scripts/generate_analysis_script_prompt.py) that interact with local files and network resources, which presents a high risk if the generated code is not strictly sandboxed.
Capability Assessment
Purpose & Capability
The skill's purpose (parsing XLS portfolio files, enriching with AKShare, optional MySQL lookup) is coherent with the included instructions and prompt template. However the registry metadata declares no required environment variables or credentials while the SKILL.md and references explicitly expect a MySQL data source and show environment-variable usage — and the SKILL.md even includes a concrete default host (43.138.222.153) and password (w6w%vkXENC82PGZo). This mismatch between declared requirements and actual instructions is inconsistent and unexpected.
Instruction Scope
The SKILL.md instructs the agent to parse XLS files, call AKShare (network), cache CSVs, and connect to a MySQL database. The MySQL connection snippet includes defaults and a real-looking IP/password; the instructions would cause network access and database queries. The instructions also reference specific workspace paths and output files. These behaviors go beyond pure local parsing (they require external network/database access) and are not reflected in the skill's metadata.
Install Mechanism
There is no install spec — the skill is instruction-only with one prompt-generating script. No downloads or archive extraction are specified, which is the lower-risk installation model.
Credentials
Although the registry lists no required env vars, the references/docs explicitly require MYSQL_HOST/PORT/USER/PASSWORD/DATABASE and the SKILL.md includes a default MySQL host and password inline. That embedded credential is disproportionate to a simple analysis helper (it binds the skill to a specific external database). The skill also performs network calls (AKShare) which are reasonable for market enrichment, but the undeclared, hardcoded DB credential is a red flag.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills or system-wide settings. It writes output files (CSV/JSON/PNG) to the workspace as expected for a reporting script. No elevated or persistent platform privilege is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install private-fund-portfolio-analysis - After installation, invoke the skill by name or use
/private-fund-portfolio-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.6.0
Version 1.6.0
- No file changes detected in this version.
- Documentation and usage instructions remain unchanged.
- All core functionalities and supported features are as previously described.
v1.5.0
No functional or documentation changes detected in this version.
- No file changes were made for version 1.5.0.
v1.4.0
No file changes detected; version 1.4.0 is functionally identical to the previous release.
- Skill documentation, usage instructions, and all scripting details remain unchanged.
- No new features, bug fixes, or structural updates in this version.
v1.3.0
- Updated the sample MySQL connection parameters with real (non-placeholder) host, user, password, and database information in documentation.
- No changes to core analysis features or outputs.
- Reminder regarding avoiding hardcoding of sensitive information remains in place.
v1.2.0
Version 1.2.0 of private-fund-portfolio-analysis
- No file changes detected in this release.
- Documentation and feature set remain as previously described.
- All supported product types, usage patterns, data extraction points, and output files are unchanged.
- No new functionality, bug fixes, or enhancements introduced in this version.
v1.1.1
- Replaced real MySQL connection defaults in code samples with clear placeholder values to improve security and clarity.
- Updated documentation to emphasize use of placeholders instead of real credentials.
- No functional logic or interface changes; all modifications are in documentation and code comments.
v1.1.0
- 增加支持两种私募产品类型:市场中性(期货对冲)与指数增强(对标指数超配/低配分析)。
- 明确脚本区分,分别用于市场中性与指数增强场景,并提供命令用法示例。
- 新增对标指数选择及超配/低配比对分析逻辑,过滤噪音行业。
- 补充XLS解析与市值、行业、指数数据获取细节,强调容错与安全配置(如MySQL连接、字符集、敏感信息安全)。
- 明确所有输出文件类型和内容。
- 丰富文档结构和指引,便于不同类型产品分析。
v1.0.1
- Updated database connection placeholders in get_sw_industry to require explicit host, user, and password fields.
- Revised documentation in SKILL.md to reflect placeholder changes for sensitive database configuration.
- No changes to core analysis or logic; this update improves clarity and security by removing hardcoded credential examples.
v1.0.0
Initial release of private-fund-portfolio-analysis skill:
- Provides methods to parse private fund valuation tables (XLS/XLSX) for stock and futures positions, account info, and to generate structured analysis.
- Supports enrichment with market data, index membership, and industry classification.
- Automates statistical analysis by sector, size, index component, and hedging, with output in JSON/CSV.
- Generates comprehensive visualization report (PNG) using matplotlib.
Metadata
Frequently Asked Questions
What is Private Fund Portfolio Analysis?
私募基金持仓结构分析脚本构建方法。支持市场中性(期货空头对冲)和指数增强(持仓 vs 对标指数超配/低配)两种产品类型。当需要从私募基金估值表(XLS/XLSX)解析持仓,分析行业分布/市值分布/指数成分/期货对冲,并生成可视化报告时触发。也用于:生成持仓分析脚本、重构脚本、添加新数据源、修复脚本Bug、生成分析报告。 It is an AI Agent Skill for Claude Code / OpenClaw, with 124 downloads so far.
How do I install Private Fund Portfolio Analysis?
Run "/install private-fund-portfolio-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Private Fund Portfolio Analysis free?
Yes, Private Fund Portfolio Analysis is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Private Fund Portfolio Analysis support?
Private Fund Portfolio Analysis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Private Fund Portfolio Analysis?
It is built and maintained by xiaoerdata (@xiaoerdata); the current version is v1.6.0.
More Skills