← 返回 Skills 市场
Private Fund Portfolio Analysis
作者
xiaoerdata
· GitHub ↗
· v1.6.0
· MIT-0
124
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install private-fund-portfolio-analysis
功能描述
私募基金持仓结构分析脚本构建方法。支持市场中性(期货空头对冲)和指数增强(持仓 vs 对标指数超配/低配)两种产品类型。当需要从私募基金估值表(XLS/XLSX)解析持仓,分析行业分布/市值分布/指数成分/期货对冲,并生成可视化报告时触发。也用于:生成持仓分析脚本、重构脚本、添加新数据源、修复脚本Bug、生成分析报告。
安全使用建议
Don't install or run this skill as-is. The SKILL.md contains an explicit MySQL connection snippet with a concrete IP and password default — either that is an accidental leak of real credentials or a dangerous placeholder. Before proceeding: 1) Ask the publisher to remove any embedded credentials and to declare required environment variables in the skill metadata. 2) If you must run it, run in an isolated environment (no access to your production networks), and verify the MySQL host is one you control; treat the embedded credential as potentially live and change passwords if that host is yours. 3) Inspect the code and test with synthetic XLS files locally (disable network calls) to confirm behavior. 4) If the skill needs DB access, require explicit, user-provided credentials (no defaults) and document why the DB is needed. 5) Restrict outbound network access or run behind a firewall while reviewing. These steps will reduce the risk of unintended data exfiltration or accidental use of unknown credentials.
功能分析
Type: OpenClaw Skill
Name: private-fund-portfolio-analysis
Version: 1.6.0
The skill bundle contains hardcoded MySQL credentials (user: 'readonly_user', password: 'w6w%vkXENC82PGZo') and a specific external IP address (43.138.222.153) in SKILL.md and references/data_sources.md. While the stated purpose is to fetch industry classification data, providing default credentials to an external server is a significant security risk and a common indicator of potential data exfiltration or tracking. Additionally, the skill relies on an AI agent generating and executing complex Python scripts (via scripts/generate_analysis_script_prompt.py) that interact with local files and network resources, which presents a high risk if the generated code is not strictly sandboxed.
能力评估
Purpose & Capability
The skill's purpose (parsing XLS portfolio files, enriching with AKShare, optional MySQL lookup) is coherent with the included instructions and prompt template. However the registry metadata declares no required environment variables or credentials while the SKILL.md and references explicitly expect a MySQL data source and show environment-variable usage — and the SKILL.md even includes a concrete default host (43.138.222.153) and password (w6w%vkXENC82PGZo). This mismatch between declared requirements and actual instructions is inconsistent and unexpected.
Instruction Scope
The SKILL.md instructs the agent to parse XLS files, call AKShare (network), cache CSVs, and connect to a MySQL database. The MySQL connection snippet includes defaults and a real-looking IP/password; the instructions would cause network access and database queries. The instructions also reference specific workspace paths and output files. These behaviors go beyond pure local parsing (they require external network/database access) and are not reflected in the skill's metadata.
Install Mechanism
There is no install spec — the skill is instruction-only with one prompt-generating script. No downloads or archive extraction are specified, which is the lower-risk installation model.
Credentials
Although the registry lists no required env vars, the references/docs explicitly require MYSQL_HOST/PORT/USER/PASSWORD/DATABASE and the SKILL.md includes a default MySQL host and password inline. That embedded credential is disproportionate to a simple analysis helper (it binds the skill to a specific external database). The skill also performs network calls (AKShare) which are reasonable for market enrichment, but the undeclared, hardcoded DB credential is a red flag.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills or system-wide settings. It writes output files (CSV/JSON/PNG) to the workspace as expected for a reporting script. No elevated or persistent platform privilege is requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install private-fund-portfolio-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/private-fund-portfolio-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.0
Version 1.6.0
- No file changes detected in this version.
- Documentation and usage instructions remain unchanged.
- All core functionalities and supported features are as previously described.
v1.5.0
No functional or documentation changes detected in this version.
- No file changes were made for version 1.5.0.
v1.4.0
No file changes detected; version 1.4.0 is functionally identical to the previous release.
- Skill documentation, usage instructions, and all scripting details remain unchanged.
- No new features, bug fixes, or structural updates in this version.
v1.3.0
- Updated the sample MySQL connection parameters with real (non-placeholder) host, user, password, and database information in documentation.
- No changes to core analysis features or outputs.
- Reminder regarding avoiding hardcoding of sensitive information remains in place.
v1.2.0
Version 1.2.0 of private-fund-portfolio-analysis
- No file changes detected in this release.
- Documentation and feature set remain as previously described.
- All supported product types, usage patterns, data extraction points, and output files are unchanged.
- No new functionality, bug fixes, or enhancements introduced in this version.
v1.1.1
- Replaced real MySQL connection defaults in code samples with clear placeholder values to improve security and clarity.
- Updated documentation to emphasize use of placeholders instead of real credentials.
- No functional logic or interface changes; all modifications are in documentation and code comments.
v1.1.0
- 增加支持两种私募产品类型:市场中性(期货对冲)与指数增强(对标指数超配/低配分析)。
- 明确脚本区分,分别用于市场中性与指数增强场景,并提供命令用法示例。
- 新增对标指数选择及超配/低配比对分析逻辑,过滤噪音行业。
- 补充XLS解析与市值、行业、指数数据获取细节,强调容错与安全配置(如MySQL连接、字符集、敏感信息安全)。
- 明确所有输出文件类型和内容。
- 丰富文档结构和指引,便于不同类型产品分析。
v1.0.1
- Updated database connection placeholders in get_sw_industry to require explicit host, user, and password fields.
- Revised documentation in SKILL.md to reflect placeholder changes for sensitive database configuration.
- No changes to core analysis or logic; this update improves clarity and security by removing hardcoded credential examples.
v1.0.0
Initial release of private-fund-portfolio-analysis skill:
- Provides methods to parse private fund valuation tables (XLS/XLSX) for stock and futures positions, account info, and to generate structured analysis.
- Supports enrichment with market data, index membership, and industry classification.
- Automates statistical analysis by sector, size, index component, and hedging, with output in JSON/CSV.
- Generates comprehensive visualization report (PNG) using matplotlib.
元数据
常见问题
Private Fund Portfolio Analysis 是什么?
私募基金持仓结构分析脚本构建方法。支持市场中性(期货空头对冲)和指数增强(持仓 vs 对标指数超配/低配)两种产品类型。当需要从私募基金估值表(XLS/XLSX)解析持仓,分析行业分布/市值分布/指数成分/期货对冲,并生成可视化报告时触发。也用于:生成持仓分析脚本、重构脚本、添加新数据源、修复脚本Bug、生成分析报告。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 124 次。
如何安装 Private Fund Portfolio Analysis?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install private-fund-portfolio-analysis」即可一键安装,无需额外配置。
Private Fund Portfolio Analysis 是免费的吗?
是的,Private Fund Portfolio Analysis 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Private Fund Portfolio Analysis 支持哪些平台?
Private Fund Portfolio Analysis 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Private Fund Portfolio Analysis?
由 xiaoerdata(@xiaoerdata)开发并维护,当前版本 v1.6.0。
推荐 Skills