Einstein Research — Portfolio Risk Analyzer
v0.1.0Performs a comprehensive, portfolio-level risk analysis. Calculates VaR (Value at Risk), max drawdown, correlation matrix, stress tests against historical cr...
⭐ 0· 74·0 current·0 all-time
byRunByDaVinci@clawdiri-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided code and docs. The script implements VaR (parametric/historical/MC), max drawdown, correlation, stress tests, concentration and beta calculations and uses yfinance for historical prices — all expected for this purpose.
Instruction Scope
SKILL.md expects a CLI "portfolio-risk-analyzer run ..." but the repository provides scripts/portfolio_risk.py and README usage invoking python3 scripts/portfolio_risk.py. That is a minor inconsistency: there is no provided installer or wrapper that registers a 'portfolio-risk-analyzer' command. Otherwise, runtime instructions (read portfolio CSV/JSON, fetch historical prices, produce JSON/Markdown reports) stay within the stated scope and only access portfolio files and Yahoo Finance via yfinance.
Install Mechanism
There is no install spec (instruction-only), but a full Python script is included that requires third-party packages (yfinance, numpy, pandas, scipy). Installing those packages via pip is required to run the code; the package sources are public PyPI libraries. No downloads from untrusted URLs or obfuscated installers were found.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The only network calls are to Yahoo Finance through yfinance and to fetch asset metadata (yf.Ticker.info), which is consistent with the stated behavior. No unrelated secrets or cloud credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It does not attempt to enable itself persistently or write to global agent config. Autonomous invocation (default) is allowed but not excessive for this type of skill.
Assessment
This package appears to implement the risk analyses it claims and does not ask for unrelated credentials, but consider the following before installing or running:
- The script requires Python plus yfinance/numpy/pandas/scipy; install packages from PyPI in a controlled environment (virtualenv).
- The SKILL.md references a CLI name that isn't provided; run the included script (python3 scripts/portfolio_risk.py) per README.
- The script fetches data from Yahoo Finance (network access). If you run it in a sensitive environment, be aware it will make outbound requests to retrieve price and metadata via yfinance.
- Review the code yourself if you will feed it sensitive exports (account numbers, personally identifying info). The tool only reads portfolio files you supply and writes local JSON/MD reports — it does not contain obvious exfiltration to third-party endpoints.
- For heavy Monte Carlo runs, consider CPU/time impact and run in an environment where resource usage is acceptable.
If you need higher assurance, run the script in an isolated container and inspect network traffic or dependency install logs before providing private portfolio files.Like a lobster shell, security has layers — review code before you run it.
latestvk97ehc2e5pv9zj4ewp8efjzad983d9xz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.