← 返回 Skills 市场
439
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install temp-skill
功能描述
提供基于免费数据源的多资产投资组合分析,支持滚动窗口风险平价调仓及完整回测和图表报告生成。
安全使用建议
Do not run this skill blindly. Key concerns: (1) The documentation promises live API fetching and asks for an ALPHA_VANTAGE_API_KEY, but the included code shown works only with local CSVs — verify whether any hidden/remaining code does network calls before providing API keys. (2) The manifests/docs disagree about dependencies (yfinance/plotly appear in README/SKILL.md but not in manifest); install only the packages you need and inspect imports. (3) Review the full optimized_risk_parity_skill.py and optimized_main.py for any network, subprocess, or filesystem writes (the provided excerpt is truncated and contains an apparent unfinished return referencing an undefined variable). Run the code in a sandboxed environment with non-sensitive sample CSVs first, and consider static inspection or running with tracing to detect unexpected outbound connections. If you intend to use live APIs, only supply API keys after confirming exactly which module will use them and where keys are read from.
功能分析
Type: OpenClaw Skill
Name: temp-skill
Version: 1.0.0
The skill is classified as suspicious due to potential Local File Inclusion (LFI) and arbitrary file write vulnerabilities. The `optimized_main.py` script accepts arbitrary file paths for `--csv` input and `--output` directory, which are then used by `optimized_risk_parity_skill.py` for reading and writing files. An AI agent could be prompted to supply paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) for reading, or to sensitive directories for writing, potentially leading to information disclosure or denial of service. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection attempts within the markdown files; the identified risks are vulnerabilities in argument handling.
能力评估
Purpose & Capability
The SKILL.md and README claim integration with Yahoo Finance (yfinance), Alpha Vantage, and Finnhub and instruct setting ALPHA_VANTAGE_API_KEY, but the provided Python code focuses on loading local CSV files and contains no obvious network/API calls in the visible portions. The manifest dependencies also omit yfinance/plotly while SKILL.md's pip install list includes them. These discrepancies mean the declared capabilities (live API fetching) do not match the actual code and requirements.
Instruction Scope
Runtime instructions tell the agent/user to run scripts that operate on local CSVs and mention configuring an Alpha Vantage API key. The shipped scripts (optimized_main.py and optimized_risk_parity_skill.py) as shown read local CSV, compute metrics, and write reports/charts — they do not (in the visible code) request or transmit secrets. However the SKILL.md allows/mentions free API sources and an API key; that expands the expected scope but is not reflected in the code. Also the SKILL.md references a default path under C:\Users\... which may cause accidental use of a local file.
Install Mechanism
There is no automated install spec (instruction-only install). That minimizes supply-chain risk from downloads. The SKILL.md suggests pip installing typical data-science packages (pandas/numpy/matplotlib/seaborn/plotly/yfinance). Those are expected for this domain; no remote/executable download URLs are present in the package.
Credentials
The SKILL.md instructs setting ALPHA_VANTAGE_API_KEY but the skill metadata lists no required environment variables and the visible code does not reference any env var. This mismatch is a red flag: either the docs are outdated (harmless) or parts of the skill (not visible in truncated code) use credentials but do not declare them. Users should not supply API keys until confirming where/if they're used.
Persistence & Privilege
The skill does not request persistent or privileged presence (always is false). It appears to operate as a run-on-demand script that reads CSVs and writes reports/charts into the filesystem; no evidence of modifying other skills or agent configs was found in the visible files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install temp-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/temp-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
金融分析技能 1.0.0
- 新增投资组合分析工具,支持多资产类型(股票、ETF、加密货币等)
- 集成多种免费行情数据源(Yahoo Finance、Alpha Vantage、Finnhub、CSV)
- 实现文字+图表化投资报告,涵盖收益、风险及资产配置等指标
- 支持滚动窗口风险平价分析及自动回测流程,避免未来数据
- 输出详细报告和多种可视化图表(收益曲线、配置饼图、相关性热力图等)
- 示例配置和报告文档详尽,方便快速上手
元数据
常见问题
Temp Skill 是什么?
提供基于免费数据源的多资产投资组合分析,支持滚动窗口风险平价调仓及完整回测和图表报告生成。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 439 次。
如何安装 Temp Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install temp-skill」即可一键安装,无需额外配置。
Temp Skill 是免费的吗?
是的,Temp Skill 完全免费(开源免费),可自由下载、安装和使用。
Temp Skill 支持哪些平台?
Temp Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Temp Skill?
由 wzratgit(@wzratgit)开发并维护,当前版本 v1.0.0。
推荐 Skills