AI Risk Assessment
v1.0.0Provides portfolio risk metrics, stress testing, and position management advice using VaR, CVaR, volatility, Beta, Sharpe ratio, and Kelly formula.
⭐ 0· 172·1 current·1 all-time
by@gbabyzs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name, description, SKILL.md, and the Python implementation align: the code uses akshare to fetch market data and computes VaR and simple position suggestions. Minor inconsistencies: skill.json exports include "stress_test" which is not implemented in risk_assessment.py, and SKILL.md example uses parameter name "stock_code" while the function signature uses "code". These look like packaging/documentation oversights rather than malicious behavior.
Instruction Scope
SKILL.md only instructs installing dependencies and calling the provided functions. The code performs network calls via the akshare library to fetch market data (expected for a market-risk tool). There are no instructions to read unrelated system files, environment variables, or transmit data to arbitrary endpoints beyond what akshare does.
Install Mechanism
No install spec is provided (instruction-only), and the README suggests pip installing akshare, pandas, numpy, scipy — reasonable for this function. Recommendation: pin dependency versions before installing; review akshare as a third-party package because it performs network I/O.
Credentials
The skill requests no environment variables, credentials, or config paths. That matches its stated purpose and is proportionate.
Persistence & Privilege
always is false and there is no code that modifies other skills or agent-wide configuration. The skill does not request elevated persistence or privileges.
Assessment
This appears to be a straightforward risk-assessment helper, but take a few precautions before installing and using it with real capital: (1) Fix or confirm packaging inconsistencies — skill.json exports "stress_test" though no such function exists; ask the author or remove the extra export. (2) Pin dependency versions (pip install akshare==<version>, pandas, numpy, scipy) and audit the akshare package — it performs network requests to fetch market data, so confirm its data sources and trustworthiness. (3) Run the skill in a sandbox or test environment first and validate outputs on known data. (4) Review akshare's upstream code or network behavior if you care about data exfiltration or privacy. (5) If you plan to integrate this with automated agents, consider limiting automatic invocation until you’ve vetted the package. These steps reduce risk; the package itself shows no signs of trying to access unrelated credentials or system resources.Like a lobster shell, security has layers — review code before you run it.
latestvk972js90thx12q8y2zk9c2fw2182z5y6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.