← 返回 Skills 市场
103
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install tzzb-analyzer
功能描述
同花顺投资账本持仓分析工具。自动从同花顺投资账本读取持仓、自选股、交易记录,结合市场行情生成深度分析报告,支持板块分布、风险监控和阈值报警。
安全使用建议
This skill needs access to your Chrome debugging endpoint so it can drive your logged-in browser and extract the Tonghuashun session cookies — that is how it reads your holdings, but it is a high-privilege operation. Before installing: 1) Understand that the skill can access browser cookies and pages when it connects to your browser via CHROME_DEBUG_URL. 2) Use an isolated Chrome user-data directory/profile (set CHROME_USER_DATA_DIR) or start a dedicated Chrome instance for this tool so it doesn't attach to your everyday browser profile. 3) Do not set CHROME_KILL_EXISTING unless you want the skill to forcibly terminate Chrome processes. 4) Review the included scripts (especially scripts/tzzb_parser/cookie_extractor.py and main.py) yourself if possible; pay attention to any code paths that call context.cookies() without URL restrictions. If you are uncomfortable granting that level of access, do not install or run the skill. If you proceed, run it in a sandboxed environment or an isolated browser profile to limit exposure.
功能分析
Type: OpenClaw Skill
Name: tzzb-analyzer
Version: 2.4.0
The skill bundle provides tools to analyze financial data from the Tonghuashun (10jqka) platform by automating a web browser. It employs high-risk techniques, such as launching Chrome with remote debugging enabled (--remote-debugging-port), killing existing browser processes via taskkill, and programmatically extracting session cookies (scripts/tzzb_parser/cookie_extractor.py) to access private investment data. While these capabilities are plausibly required for the stated purpose of scraping a login-protected financial site, the use of browser automation and direct cookie access represents a significant security risk. No evidence of intentional data exfiltration to unauthorized third-party domains was found in the provided code.
能力评估
Purpose & Capability
Name/description (Tonghuashun portfolio analyzer) align with included code: scripts fetch positions/trades/watchlist via Playwright/CDP and generate reports/alerts. Requiring a Chrome debug endpoint and Playwright is expected for a scraper that uses the user's logged-in browser session.
Instruction Scope
Runtime instructions tell the agent to connect to a local Chrome remote-debugging endpoint and run the provided Python scripts — that matches the code. However, cookie_extractor.py calls context.cookies() as a fallback (without restricting URLs) which can return cookies for the whole browser context if the targeted cookies aren't found; attaching to a user's existing Chrome via CDP therefore carries risk of accessing unrelated cookies/tokens. The SKILL.md does not explicitly warn about broad cookie access or instruct the user to use an isolated user-data-dir and to verify login is in that profile.
Install Mechanism
No remote download/install spec; dependencies are standard (Playwright, python-dotenv) and SKILL.md instructs running 'playwright install chromium'. No unusual upstream URLs or archive extraction steps were found.
Credentials
The skill only declares CHROME_DEBUG_URL as a required env var, which fits the purpose. But the code also reads optional env vars (CHROME_PATH, CHROME_USER_DATA_DIR, CHROME_KILL_EXISTING, CHROME_USER_DATA_DIR) and can auto-start Chrome or kill existing Chrome when certain env vars are set — these behaviors are powerful and should be noted. More importantly, the skill's cookie extraction requires access to a logged-in browser profile, which is a high-privilege action (it reads session cookies). While necessary to access the user's tzzb account, this is sensitive and proportional only if the user intentionally allows a dedicated browser profile or user-data-dir to be used.
Persistence & Privilege
always is false. The skill writes only to its own memory/ and data/ directories (monitor_state.json, cached positions, generated reports). It does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tzzb-analyzer - 安装完成后,直接呼叫该 Skill 的名称或使用
/tzzb-analyzer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.4.0
v2.4.0: 报告重写——结论优先(买\/持有\/减\/止损明确)、成本可视化、止损价透明、次日操作含具体价格、纪律自检清单
v2.3.0
v2.3.0: 移除内置HTTP新闻获取,改为--news参数注入(由cron agent调用web_search获取后传入);修复多处语法和变量缺失bug
v2.2.0
v2.2.0: CDP一次会话获取持仓+交易;交易聚合复盘(加权成本/已实现盈亏/FIFO匹配);早盘含今日交易;新增--feishu格式输出;新增--no-news跳过新闻
v2.1.1
v2.1.1: 移除不必要的 yfinance 依赖,数据全部来自同花顺自带行情
v2.1.0
v2.1.0: 内置 tzzb_parser 代码,无需单独安装解析器,依赖通过 pyproject.toml 自动管理
v2.0.0
v2.0: 重构架构,参照 stock-monitor 模式,支持监控报警、板块识别、配置分离
元数据
常见问题
TZZB Analyzer - Tonghuashun Portfolio Analyzer 是什么?
同花顺投资账本持仓分析工具。自动从同花顺投资账本读取持仓、自选股、交易记录,结合市场行情生成深度分析报告,支持板块分布、风险监控和阈值报警。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。
如何安装 TZZB Analyzer - Tonghuashun Portfolio Analyzer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tzzb-analyzer」即可一键安装,无需额外配置。
TZZB Analyzer - Tonghuashun Portfolio Analyzer 是免费的吗?
是的,TZZB Analyzer - Tonghuashun Portfolio Analyzer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TZZB Analyzer - Tonghuashun Portfolio Analyzer 支持哪些平台?
TZZB Analyzer - Tonghuashun Portfolio Analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TZZB Analyzer - Tonghuashun Portfolio Analyzer?
由 qcrcherry(@qcrcherry)开发并维护,当前版本 v2.4.0。
推荐 Skills