← Back to Skills Marketplace
saintlittlefish

Xanadu Portfolio Optimizer

by saintlittlefish · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
404
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install xanadu-portfolio-optimizer
Description
Optimize investment portfolios with rebalancing, risk analysis, tax-loss harvesting, and calculate optimal asset allocation.
Usage Guidance
This skill's optimizer code appears to do what it says (portfolio analysis, rebalancing, tax-loss harvesting) and requires network access to fetch prices. However, the repository includes billing code with a hard-coded SkillPay API key and some copy/paste inconsistencies (billing docstring referencing a different product). Before installing or running: (1) Do not run this in a sensitive or production environment until reviewed. (2) Treat the SKILLPAY_API_KEY in scripts/billing_config.py as a leaked secret — rotate it if it belongs to you, and remove hard-coded keys from the repo. (3) Prefer billing configuration via environment variables (not committed files). (4) Audit billing.py usage paths — confirm whether the billing API is actually invoked by your agent flows and whether the key has been used. (5) If you don't need monetization, remove or disable the billing files. (6) Run the code in an isolated sandbox or VM and review network calls (yfinance to Yahoo, and any calls to api.skillpay.me). (7) Contact the skill author (verify identity) or avoid installing until they fix the embedded secret and clarify the billing integration. If you want, I can produce exact remediation steps or help create a safer wrapper that strips billing before use.
Capability Analysis
Type: OpenClaw Skill Name: xanadu-portfolio-optimizer Version: 1.0.0 The skill bundle provides legitimate portfolio optimization functionality, including rebalancing, risk analysis, and tax-loss harvesting using the 'yfinance' library. While it includes a monetization component (SkillPay) in 'scripts/billing.py' and 'scripts/billing_config.py' with a hardcoded API key and wallet address (0xF194917738617118dfff40E0542cea20Cf7dDC55), this logic is currently uninvoked by the main 'scripts/optimizer.py' script and appears to be a standard feature of the developer's ecosystem. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The core optimizer (scripts/optimizer.py) implements portfolio analysis, rebalancing, and tax-loss harvesting consistent with the skill description. The repository also includes billing-related files and a Monetization section in SKILL.md, so payment integration is plausible. However, billing.py's module docstring and default SKILL_ID reference a different product ('Social Media Manager'), indicating a copy/paste or packaging inconsistency.
Instruction Scope
SKILL.md instructs running scripts/optimizer.py for analyze/rebalance/harvest; those routines only fetch price data (via yfinance) and perform local calculations and prints. The instructions do not direct the agent to read unrelated system files or to call the billing API. Still, runtime behavior includes network calls to Yahoo Finance (via yfinance) and the repo contains a separate billing module that would contact an external SkillPay API if invoked.
Install Mechanism
No install script is provided (instruction-only skill with bundled scripts). This is low-risk from an installation perspective. The SKILL.md lists reasonable Python dependency requirements (yfinance, numpy, pandas) which match the code usage.
Credentials
The repository contains scripts/billing_config.py with a hard-coded SKILLPAY_API_KEY and OWNER_WALLET (sensitive credential and wallet address), yet the skill metadata declares no required environment variables or credentials. Embedding an API key in code is disproportionate and risky: keys in repo can be abused. Billing code also posts the API key to https://api.skillpay.me/v1, which is expected for monetization but should be configured via environment variables rather than a committed secret. The mismatch between declared requirements (none) and included credentials is a red flag.
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges, and it does not modify other skills or system-wide agent settings. It appears user-invocable only, which is appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xanadu-portfolio-optimizer
  3. After installation, invoke the skill by name or use /xanadu-portfolio-optimizer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of portfolio-optimizer. - Analyze current portfolio allocation, sector exposure, and performance vs benchmarks. - Rebalance portfolios with threshold-based, calendar-based, and tax-aware strategies. - Identify tax-loss harvesting opportunities, with support for wash sale rules and replacement suggestions. - Provide risk analysis: volatility, drawdown, beta, Sharpe ratio, VaR, and correlations. - Command-line interface for analyzing, rebalancing, tax-loss harvesting, and risk reporting. - Supports SkillPay integration with tiered premium features.
Metadata
Slug xanadu-portfolio-optimizer
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Xanadu Portfolio Optimizer?

Optimize investment portfolios with rebalancing, risk analysis, tax-loss harvesting, and calculate optimal asset allocation. It is an AI Agent Skill for Claude Code / OpenClaw, with 404 downloads so far.

How do I install Xanadu Portfolio Optimizer?

Run "/install xanadu-portfolio-optimizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Xanadu Portfolio Optimizer free?

Yes, Xanadu Portfolio Optimizer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Xanadu Portfolio Optimizer support?

Xanadu Portfolio Optimizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Xanadu Portfolio Optimizer?

It is built and maintained by saintlittlefish (@saintlittlefish); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments