← 返回 Skills 市场
Xanadu Portfolio Optimizer
作者
saintlittlefish
· GitHub ↗
· v1.0.0
404
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xanadu-portfolio-optimizer
功能描述
Optimize investment portfolios with rebalancing, risk analysis, tax-loss harvesting, and calculate optimal asset allocation.
安全使用建议
This skill's optimizer code appears to do what it says (portfolio analysis, rebalancing, tax-loss harvesting) and requires network access to fetch prices. However, the repository includes billing code with a hard-coded SkillPay API key and some copy/paste inconsistencies (billing docstring referencing a different product). Before installing or running: (1) Do not run this in a sensitive or production environment until reviewed. (2) Treat the SKILLPAY_API_KEY in scripts/billing_config.py as a leaked secret — rotate it if it belongs to you, and remove hard-coded keys from the repo. (3) Prefer billing configuration via environment variables (not committed files). (4) Audit billing.py usage paths — confirm whether the billing API is actually invoked by your agent flows and whether the key has been used. (5) If you don't need monetization, remove or disable the billing files. (6) Run the code in an isolated sandbox or VM and review network calls (yfinance to Yahoo, and any calls to api.skillpay.me). (7) Contact the skill author (verify identity) or avoid installing until they fix the embedded secret and clarify the billing integration. If you want, I can produce exact remediation steps or help create a safer wrapper that strips billing before use.
功能分析
Type: OpenClaw Skill
Name: xanadu-portfolio-optimizer
Version: 1.0.0
The skill bundle provides legitimate portfolio optimization functionality, including rebalancing, risk analysis, and tax-loss harvesting using the 'yfinance' library. While it includes a monetization component (SkillPay) in 'scripts/billing.py' and 'scripts/billing_config.py' with a hardcoded API key and wallet address (0xF194917738617118dfff40E0542cea20Cf7dDC55), this logic is currently uninvoked by the main 'scripts/optimizer.py' script and appears to be a standard feature of the developer's ecosystem. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The core optimizer (scripts/optimizer.py) implements portfolio analysis, rebalancing, and tax-loss harvesting consistent with the skill description. The repository also includes billing-related files and a Monetization section in SKILL.md, so payment integration is plausible. However, billing.py's module docstring and default SKILL_ID reference a different product ('Social Media Manager'), indicating a copy/paste or packaging inconsistency.
Instruction Scope
SKILL.md instructs running scripts/optimizer.py for analyze/rebalance/harvest; those routines only fetch price data (via yfinance) and perform local calculations and prints. The instructions do not direct the agent to read unrelated system files or to call the billing API. Still, runtime behavior includes network calls to Yahoo Finance (via yfinance) and the repo contains a separate billing module that would contact an external SkillPay API if invoked.
Install Mechanism
No install script is provided (instruction-only skill with bundled scripts). This is low-risk from an installation perspective. The SKILL.md lists reasonable Python dependency requirements (yfinance, numpy, pandas) which match the code usage.
Credentials
The repository contains scripts/billing_config.py with a hard-coded SKILLPAY_API_KEY and OWNER_WALLET (sensitive credential and wallet address), yet the skill metadata declares no required environment variables or credentials. Embedding an API key in code is disproportionate and risky: keys in repo can be abused. Billing code also posts the API key to https://api.skillpay.me/v1, which is expected for monetization but should be configured via environment variables rather than a committed secret. The mismatch between declared requirements (none) and included credentials is a red flag.
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges, and it does not modify other skills or system-wide agent settings. It appears user-invocable only, which is appropriate.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xanadu-portfolio-optimizer - 安装完成后,直接呼叫该 Skill 的名称或使用
/xanadu-portfolio-optimizer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of portfolio-optimizer.
- Analyze current portfolio allocation, sector exposure, and performance vs benchmarks.
- Rebalance portfolios with threshold-based, calendar-based, and tax-aware strategies.
- Identify tax-loss harvesting opportunities, with support for wash sale rules and replacement suggestions.
- Provide risk analysis: volatility, drawdown, beta, Sharpe ratio, VaR, and correlations.
- Command-line interface for analyzing, rebalancing, tax-loss harvesting, and risk reporting.
- Supports SkillPay integration with tiered premium features.
元数据
常见问题
Xanadu Portfolio Optimizer 是什么?
Optimize investment portfolios with rebalancing, risk analysis, tax-loss harvesting, and calculate optimal asset allocation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 404 次。
如何安装 Xanadu Portfolio Optimizer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xanadu-portfolio-optimizer」即可一键安装,无需额外配置。
Xanadu Portfolio Optimizer 是免费的吗?
是的,Xanadu Portfolio Optimizer 完全免费(开源免费),可自由下载、安装和使用。
Xanadu Portfolio Optimizer 支持哪些平台?
Xanadu Portfolio Optimizer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xanadu Portfolio Optimizer?
由 saintlittlefish(@saintlittlefish)开发并维护,当前版本 v1.0.0。
推荐 Skills