ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ROIC 核心穿透分析工具

v1.0.0

核心ROIC(投入资本回报率)深度分析助手。当用户提到 ROIC、投入资本回报率、资本效率、核心盈利能力、资本回报率分析、穿透ROIC、NOPAT、投入资本计算时自动使用。支持A股、港股、美股上市公司的ROIC精确计算。

0· 66·0 current·0 all-time
by@cgxxxxxxxxxxxx

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cgxxxxxxxxxxxx/roic-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ROIC 核心穿透分析工具" (cgxxxxxxxxxxxx/roic-toolkit) from ClawHub.
Skill page: https://clawhub.ai/cgxxxxxxxxxxxx/roic-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install roic-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install roic-toolkit
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md and the two Python scripts align: they fetch financial statement fields and compute a 'penetration' ROIC. However ancillary files are inconsistent: README and requirements.txt reference a QQ bot (NoneBot/NapCat) and nonebot packages that are unrelated to a ROIC calculator. That mismatch suggests leftover or copied files and reduces confidence in the package hygiene.
Instruction Scope
SKILL.md directs the agent to run the provided scripts, fetch year‑end financials, download and parse annual report PDFs and HTML (东方财富, cninfo, SEC EDGAR), and to manually verify flagged items. Those actions are within the stated purpose and the instructions do not request reading arbitrary user files or environment secrets.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. The code does instruct installing pdf parsing libs (pypdf, pdfplumber) and a requirements.txt is present but lists unrelated nonebot packages. The presence of unrelated dependencies is disproportionate and confusing but not an active install action unless the user runs pip install -r requirements.txt.
!
Credentials
The package requests no environment variables or credentials, which is appropriate. However both scripts make network requests to an external API endpoint (https://www.codebuddy.cn/v2/tool/financedata) and to SEC EDGAR; those calls will transmit the queried stock codes/years and cause downloads to the local filesystem. The finance-data endpoint is a third‑party host of unknown trust level and is not documented in SKILL metadata—this raises data‑exfiltration and privacy questions (even though no explicit secrets are requested). Also SKILL_FULL references use of another skill (neodata‑financial‑search) without declaring it as a dependency.
Persistence & Privilege
always:false and no special system privileges are requested. Scripts will download and cache files (PDF/HTML) locally and write report markdown — expected for this tool. There is no evidence the skill modifies other skills or global agent configuration.
What to consider before installing
This skill appears to implement the advertised ROIC calculations, but take these precautions before installing or allowing autonomous use: - The code calls a third‑party API (https://www.codebuddy.cn/v2/tool/financedata). Verify you trust that endpoint: review its privacy/usage policy and consider running the scripts offline or replacing API calls with a trusted data source. - The repository contains unrelated files (README and requirements.txt referencing NoneBot/QQ bot). Treat this as a sign the package may have been copied or repurposed—inspect the full code locally before running. - The scripts download and write annual report PDFs/HTML to disk. Run them in an isolated environment (container or VM) and check for unintended network destinations or uploads. - If you plan to use this skill automatically, consider disabling autonomous invocation or limiting network access until you’ve audited the code paths that call external services. - If you need higher assurance, ask the author for clarification (official data provider details, justification for requirements.txt contents) or request a trimmed package that only contains the ROIC code without unrelated bot dependencies. What would change this assessment to benign: removal of unrelated bot files, documentation of and assurance about the finance-data API provider (or replacement with a well-known/trusted data source), and explicit declaration of any dependent skills (neodata-financial-search) or installation steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qska2ccpxdaq25037636nx8506qx
66downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@cgxxxxxxxxxxxx
latest
Download

核心 ROIC V2.0 穿透模式

专业资本效率分析工具,运用"实质重于形式"原则,从年报数据中剥离金融资产和非经营性项目,揭示企业真正部署在经营业务上的资本回报。

核心原则:实质重于形式

  • 应付票据 = 有息负债(含隐性资金成本)
  • 长期股权投资 = 拆分:战略投资(保留)vs 基金/财务投资(剔除)
  • 商誉 = 不是经营资产,分母全额剔除
  • 收购无形资产 = 分母剔除账面值,分子加回摊销(税后)
  • 交易性金融负债/衍生金融负债 = 有息负债
  • 发放贷款及垫款/债券投资 = 金融资产,分母剔除
  • 其他流动/非流动资产 = 可能隐藏金融产品,查附注剔除

公式

分子:NOPAT

核心经营利润 = 营业收入 - 营业成本 - 税金及附加 - 销售费用 - 管理费用 - 研发费用
NOPAT = 核心经营利润 × (1 - 实际税率) + 权益法投资收益 × (1 - 税率) + 收购无形资产摊销 × (1 - 税率)
  • 实际税率 = 所得税费用 ÷ 利润总额(禁止估算)
  • 不减财务费用(避免与分母重复)
  • 必须从营业收入起算,不能从净利润倒推

分母:投入资本

投入资本 = 所有者权益合计(含少数股东) + 有息负债 - 金融资产 - 非经营资产
  • 有息负债 = 短期借款 + 一年内到期非流动负债 + 长期借款 + 应付债券 + 应付票据 + 租赁负债 + 交易性金融负债 + 衍生金融负债
  • 金融资产 = 货币资金 + 交易性金融资产 + 其他权益工具投资 + 其他非流动金融资产 + 衍生金融资产 + 定期存款 + 应收款项融资 + 一年内到期非流动资产 + 发放贷款及垫款 + 债券投资
  • 非经营资产 = 商誉 + 投资性房地产 + 收购无形资产 + 长投中财务投资部分

自动化工具

脚本: roic_calc.py

python3 roic_calc.py <股票代码> <年份>
# 例:python3 roic_calc.py 600519.SH 2023-2025

自动从 finance-data API 拉取数据并生成报告。

工作流:

  1. 运行脚本获取基础 ROIC
  2. 对 ⚠️ 项复核(其他流动资产中的金融产品、长投拆分、收购无形资产摊销)
  3. 优先从年报PDF/东方财富HTML获取附注明细
  4. 微调 ROIC,输出最终结果

行业基准

行业优秀良好一般
消费品>25%15-25%8-15%
制造业>15%8-15%5-8%
科技>20%12-20%6-12%

实战踩坑

  • 所有者权益合计 ≠ 归属母公司权益,必须用含少数股东的合计
  • 应付票据是有息负债(无论银行承兑/商业承兑)
  • 长期股权投资不能全扣,只扣基金/理财部分,战略投资保留
  • 收购无形资产需双向处理:分母减账面值 + 分子加摊销
  • 权益法投资收益从API ass_invest_income 字段获取
  • 商誉全额剔除(收购型企业可能超过净资产50%)
  • 一年内到期非流动资产(nca_within_1y)直接剔除
  • API字段名必须小写(oth_eq_invest, oth_illiq_fin_assets)

经验法则

  • ROIC > WACC(通常10-12%)说明创造价值
  • 连续5年ROIC > 15% 通常具备护城河
  • ROIC持续下降需关注竞争格局变化

Comments

Loading comments...