← 返回 Skills 市场
Ghostfolio
作者
nSimon (Nicolas)
· GitHub ↗
· v1.0.0
284
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ghostfolio
功能描述
Manage and query Ghostfolio portfolio data (performance, holdings, dividends) using API endpoints and token auth patterns.
使用说明 (SKILL.md)
Ghostfolio
Use this skill when the user asks about Ghostfolio portfolio metrics, holdings, dividends, or API troubleshooting.
Environment Variables
# Prefer local access when available
export GHOSTFOLIO_BASE_URL="http://127.0.0.1:3333"
# Optional remote example:
# export GHOSTFOLIO_BASE_URL="https://rpi5.gate-mintaka.ts.net:8444"
# Long-lived token supplied by user/admin
export GHOSTFOLIO_TOKEN="..."
# Optional but recommended
export GHOSTFOLIO_TIMEZONE="Europe/Paris"
Auth Modes
Ghostfolio setups can differ. Support both modes:
Mode A — Direct bearer (works in some environments)
AUTH_HEADER="Authorization: Bearer $GHOSTFOLIO_TOKEN"
Mode B — Anonymous exchange (required in some environments)
AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
-H 'Content-Type: application/json' \
--data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" \
| jq -r '.authToken')
[ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] || {
echo "Failed to obtain authToken" >&2
exit 1
}
AUTH_HEADER="Authorization: Bearer $AUTH_TOKEN"
Endpoint Templates
Portfolio performance
curl -fsS "$GHOSTFOLIO_BASE_URL/api/v2/portfolio/performance?range=ytd" \
-H "$AUTH_HEADER" \
-H 'Accept: application/json' \
-H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .
Holdings
curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/holdings?range=ytd" \
-H "$AUTH_HEADER" \
-H 'Accept: application/json' \
-H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .
Dividends
curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/dividends?groupBy=month&range=ytd" \
-H "$AUTH_HEADER" \
-H 'Accept: application/json' \
-H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .
Quick connectivity + auth probe
# 1) Try direct bearer first
for ep in \
'/api/v2/portfolio/performance?range=ytd' \
'/api/v1/portfolio/holdings?range=ytd' \
'/api/v1/portfolio/dividends?groupBy=month&range=ytd'
do
code=$(curl -s -o /tmp/gf_probe.json -w '%{http_code}' "$GHOSTFOLIO_BASE_URL$ep" \
-H "Authorization: Bearer $GHOSTFOLIO_TOKEN" \
-H 'Accept: application/json' \
-H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE")
echo "direct $ep -> $code"
done
# 2) If direct is 401/403, try anonymous exchange
AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
-H 'Content-Type: application/json' \
--data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" | jq -r '.authToken')
echo "anonymous exchange token present: $([ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] && echo yes || echo no)"
Troubleshooting
-
401 Unauthorized- Token invalid for this auth mode, token expired, or wrong token type.
- Try the other auth mode (direct vs anonymous exchange).
-
403 Forbidden- Token recognized but not authorized for the requested resources.
- Verify account/environment and permissions.
-
Timezone inconsistencies
- Send
x-ghostfolio-timezone(or at leastTimezone) explicitly.
- Send
-
Connectivity issues
- Prefer local URL (
http://127.0.0.1:3333) if service runs locally. - For remote TLS diagnostics only, temporary
curl -kcan help.
- Prefer local URL (
Safety Notes
- Never print or commit real tokens in logs/docs.
- Keep tokens in environment variables only.
- Use
curl -fsSso HTTP/API errors are not silently ignored.
安全使用建议
This skill appears to do what it claims (talk to Ghostfolio APIs with a token) but the runtime instructions reference additional environment variables (GHOSTFOLIO_BASE_URL, GHOSTFOLIO_TIMEZONE) and require CLI tools (curl, jq) that are not listed in the registry metadata. Before installing: 1) Confirm you trust the target Ghostfolio host (especially if you set a remote GHOSTFOLIO_BASE_URL); 2) Ensure curl and jq are available on the agent runtime, or the canned commands will fail; 3) Be aware the skill will make network calls and write /tmp/gf_probe.json during probes; 4) Only provide the GHOSTFOLIO_TOKEN to trusted code/hosts and avoid pasting it into logs; 5) Ask the publisher to update the metadata to declare the additional environment variables and required binaries (or remove undeclared dependencies) for clearer, safer use.
功能分析
Type: OpenClaw Skill
Name: ghostfolio
Version: 1.0.0
The Ghostfolio skill bundle provides standard templates and instructions for querying portfolio data via the Ghostfolio API. It correctly handles authentication using environment variables and includes logic for both direct bearer tokens and anonymous token exchange as per Ghostfolio's API design. No evidence of data exfiltration, malicious execution, or prompt injection was found; the code is transparent and aligns with its stated purpose (SKILL.md).
能力评估
Purpose & Capability
Name/description (Ghostfolio API access) align with the requested primary credential GHOSTFOLIO_TOKEN. However, the SKILL.md also expects GHOSTFOLIO_BASE_URL and GHOSTFOLIO_TIMEZONE (but only GHOSTFOLIO_TOKEN is declared as required), which is a mismatch between declared requirements and what the instructions actually use.
Instruction Scope
The instructions instruct the agent to run network calls (curl) against a local or remote base URL, perform an anonymous token exchange, write to /tmp/gf_probe.json, and parse results with jq. They also suggest using curl -k for TLS diagnostics. The SKILL.md references environment variables not listed in requires.env and relies on external CLI tools (jq) that are not declared as required — this gives the skill broader runtime effects than the registry metadata describes.
Install Mechanism
This is an instruction-only skill with no install spec, so it won't write code to disk or fetch third-party packages. That is low install risk. However, the instructions do implicitly require runtime tools (curl and jq) that are not installed by the skill.
Credentials
Only one credential (GHOSTFOLIO_TOKEN) is declared as required which is proportionate for an API integration. The SKILL.md also expects optional GHOSTFOLIO_BASE_URL and GHOSTFOLIO_TIMEZONE but these are not listed in the registry metadata — this is a documentation inconsistency rather than an extra credential demand.
Persistence & Privilege
The skill does not request permanent 'always' inclusion or elevated privileges. It does perform network calls and creates a temporary file in /tmp during probes, but it does not modify other skills or system-wide agent configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ghostfolio - 安装完成后,直接呼叫该 Skill 的名称或使用
/ghostfolio触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Ghostfolio skill.
- Enables querying Ghostfolio portfolio data: performance, holdings, and dividends via API.
- Supports both direct bearer and anonymous token exchange authentication modes.
- Provides example `curl` commands and troubleshooting guidance.
- Relies on `GHOSTFOLIO_TOKEN` environment variable for authentication.
- Supports custom timezone via `GHOSTFOLIO_TIMEZONE`.
- Includes connectivity probing scripts and common error diagnostics.
元数据
常见问题
Ghostfolio 是什么?
Manage and query Ghostfolio portfolio data (performance, holdings, dividends) using API endpoints and token auth patterns. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 284 次。
如何安装 Ghostfolio?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ghostfolio」即可一键安装,无需额外配置。
Ghostfolio 是免费的吗?
是的,Ghostfolio 完全免费(开源免费),可自由下载、安装和使用。
Ghostfolio 支持哪些平台?
Ghostfolio 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ghostfolio?
由 nSimon (Nicolas)(@nsimonfr)开发并维护,当前版本 v1.0.0。
推荐 Skills