← 返回 Skills 市场
Portfolio Risk Desk
作者
prashamshah115
· GitHub ↗
· v1.0.2
· MIT-0
113
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install portfolio-risk-desk
功能描述
Generate a portfolio-aware daily or on-demand risk analysis brief from public market data, company updates, earnings material, and macro context, then emit a...
安全使用建议
This skill appears to implement the portfolio briefing it advertises, but there are two things to check before installing: (1) Resolve the metadata mismatch — the registry claims no required env vars while SKILL.md and the README require APIFY_API_TOKEN (and optionally CIVIC_CLIENT_ID/NOTION_PARENT_PAGE_ID). If you do not want the skill to use your Apify account, do not supply APIFY_API_TOKEN or set ENABLE_LIVE_PROVIDERS=false. (2) Audit the retrieval/bootstrap code (apify_bootstrap.py and retrieval adapters) to confirm exactly what network calls and task creation the skill will perform with APIFY_API_TOKEN. Treat APIFY_API_TOKEN as a high-privilege secret (it can create/run tasks and access scraped data). If you rely on host-managed Notion or Redis, confirm the host implements those handoffs and that the skill will not perform direct writes. If unsure, run the package in a local sandbox with live providers disabled and review the output and tests first.
功能分析
Type: OpenClaw Skill
Name: portfolio-risk-desk
Version: 1.0.2
The Portfolio Risk Desk skill is a well-structured financial analysis tool designed to generate market briefs. It uses Apify for web and social media retrieval and prepares structured handoff payloads for Notion. Security analysis of the Python source code and SKILL.md instructions reveals no malicious behavior, data exfiltration, or unauthorized persistence. The tool utilizes a secure 'handoff' architecture where the host environment (OpenClaw) manages sensitive API interactions and memory, minimizing the skill's direct attack surface. All network activity is directed to the legitimate Apify API (api.apify.com) as defined in apify_bootstrap.py and retrieval.py.
能力评估
Purpose & Capability
The package implements retrieval, normalization, ranking, synthesis, rendering, and a Notion handoff which matches the described purpose. However, the registry summary at the top lists no required environment variables while SKILL.md (and README/clawhub.json) declares APIFY_API_TOKEN (required) and other optional host-scoped variables; that metadata mismatch is unexpected and should be resolved.
Instruction Scope
SKILL.md and the code focus on gathering public-market evidence, synthesizing it, and emitting a host-consumable handoff. The runtime instructions include an Apify bootstrap step (APIFY_API_TOKEN) and expect the host to perform Notion writes and memory persistence. There are no instructions that ask the agent to read unrelated local secrets or arbitrary host files in the visible files, but retrieval and delivery code (e.g., apify bootstrap and retrieval adapters) are present and should be audited for exact network behavior before use.
Install Mechanism
No install spec is provided (instruction/code bundle included). The package is a normal Python project with no external download/install-from-URL steps listed in the manifest. This reduces install-time supply-chain risk compared to remote installers.
Credentials
SKILL.md lists APIFY_API_TOKEN as required and documents bootstrap behavior that uses that token; that is proportionate to live web retrieval via Apify but the registry metadata omitted any required env vars. The code only enforces the token when enable_live_providers is true, so SKILL.md's unconditional 'required: true' is inconsistent. APIFY_API_TOKEN grants the skill (or whoever runs bootstrap) the ability to act against the user's Apify account — treat it as a high-privilege secret. CIVIC_CLIENT_ID and NOTION_PARENT_PAGE_ID are optional and align with host-managed functionality.
Persistence & Privilege
The skill does not request persistent inclusion (always: false). It produces handoff payloads intended for the host to write to Notion or memory; it does not itself modify other skills or system-wide settings in the visible code. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install portfolio-risk-desk - 安装完成后,直接呼叫该 Skill 的名称或使用
/portfolio-risk-desk触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Addressed some security concerns regard APIFY.
v1.0.1
Addressed security concerns and some latency issues.
v1.0.0
Initial ClawHub release with automatic Apify bootstrap and host-managed Redis/Notion handoff.
元数据
常见问题
Portfolio Risk Desk 是什么?
Generate a portfolio-aware daily or on-demand risk analysis brief from public market data, company updates, earnings material, and macro context, then emit a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 113 次。
如何安装 Portfolio Risk Desk?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install portfolio-risk-desk」即可一键安装,无需额外配置。
Portfolio Risk Desk 是免费的吗?
是的,Portfolio Risk Desk 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Portfolio Risk Desk 支持哪些平台?
Portfolio Risk Desk 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Portfolio Risk Desk?
由 prashamshah115(@prashamshah115)开发并维护,当前版本 v1.0.2。
推荐 Skills