ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dividend Premium Tracker

v1.0.1

Track the dividend premium (dividend yield minus 10-year bond yield) for CSI Dividend Low Volatility Index. Monitor dividend yield, 10-year bond yield, and calculate the premium for investment decisions.

0· 1.2k·1 current·2 all-time
by@gykdly

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gykdly/dividend-premium-tracker.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dividend Premium Tracker" (gykdly/dividend-premium-tracker) from ClawHub.
Skill page: https://clawhub.ai/gykdly/dividend-premium-tracker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install gykdly/dividend-premium-tracker

ClawHub CLI

Package manager switcher

npx clawhub@latest install dividend-premium-tracker
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the scripts' functionality: they download index and bond yield data and compute a dividend premium. However, the implementation shows inconsistencies (two different premium calculations: one script uses div_rate - bond_yield, the other uses div_rate * 100 - bond_yield) and assumptions about data units that are not documented. These inconsistencies mean results may be incorrect even though the intended purpose is aligned.
!
Instruction Scope
SKILL.md instructs running the included scripts and optionally setting TELEGRAM_BOT_TOKEN. The scripts access only known public endpoints (csindex and chinabond) and write local CSV/Excel files, which is expected. Concerns: both scripts write to a hard-coded absolute DATA_DIR (/Users/liyi/.openclaw/workspace) rather than a configurable path; monitor script hard-codes TELEGRAM_CHAT_ID = "505395883" (messages would be sent to that chat id if the bot token is accepted); and the code uses os.system/subprocess to call curl. There is no instruction in SKILL.md warning about the hard-coded path or chat id.
Install Mechanism
No install spec; scripts are included as files and rely on Python and curl. This is the lowest-risk install mechanism (nothing is downloaded/installed at runtime by the skill itself).
!
Credentials
No required environment variables are declared, and the SKILL.md mentions an optional TELEGRAM_BOT_TOKEN. That is reasonable for alerts, but the code also hard-codes a TELEGRAM_CHAT_ID. If a user supplies a bot token, the script will attempt to send messages to that hard-coded chat id (likely the developer's), which is unexpected behavior: alerts probably should go to a user-configurable chat id. No other credentials are requested, which is proportional.
Persistence & Privilege
The skill is not set to always:true and does not request elevated system privileges or modify other skills/configs. It writes files to a fixed local path (which is a privilege to write to that path, but not a platform-level persistence flag).
What to consider before installing
This skill implements the advertised tracking but has several red flags you should address before running it with your real data or credentials: 1) Fix the unit/logic inconsistency: the two scripts calculate 'premium' differently (one subtracts, the other multiplies dividend rate by 100), so verify which is correct for your data. 2) Remove or make configurable the absolute DATA_DIR (/Users/liyi/.openclaw/workspace) so files are saved where you expect. 3) Remove the hard-coded TELEGRAM_CHAT_ID or make the chat id configurable: currently alerts target a fixed numeric chat id (likely the developer's), which is unexpected and could leak alerts. 4) Review and fix bugs in generate_excel (there are references to an undefined 'data' and strange chart scale settings) before trusting generated reports. 5) Only set TELEGRAM_BOT_TOKEN if you intend the included bot to send messages and you trust where messages will be delivered; consider testing with a disposable bot and your own chat id first. 6) Run the scripts in a sandbox or test environment first to confirm behavior and outputs. Given the inconsistencies and hard-coded endpoints/paths, treat this as suspicious rather than benign until those issues are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqfre3fyjzn05jpv9mhves180yrdw
1.2kdownloads
0stars
2versions
Updated 12h ago
v1.0.1
MIT-0
@gykdly
latest
Download

Dividend Premium Tracker

Track the dividend premium (dividend yield minus 10-year bond yield) for CSI Dividend Low Volatility Index.

Description

This skill tracks the dividend premium for the CSI Dividend Low Volatility Index (H30269), which is crucial for investment decisions in China's dividend-focused market. The dividend premium represents the excess return of dividend-paying stocks over risk-free bonds.

What It Tracks

  • CSI Dividend Low Volatility Index Dividend Yield - From China Securities Index
  • 10-Year China Government Bond Yield - From Ministry of Finance
  • Dividend Premium = Dividend Yield - Bond Yield

Features

  • 📊 Auto-download and track dividend and bond yield data
  • 📈 Generate Excel reports with clean charts
  • 🔔 Alert when bond yield rises for 3 consecutive days
  • 🔔 Alert when premium drops below 1%
  • 📅 Support for historical data backfill

Commands

Update Today's Data

python3 scripts/update_dividend_premium.py --update

Check Monitoring Alerts

python3 scripts/monitor_dividend_premium.py --check

Backfill Historical Data

python3 scripts/update_dividend_premium.py --backfill 2026-01-01 2026-01-31

Files

dividend-premium-tracker/
├── SKILL.md              # This file
├── scripts/
│   ├── update_dividend_premium.py   # Main update script
│   └── monitor_dividend_premium.py  # Monitoring script
├── references/           # Documentation (optional)
└── assets/              # Output files (optional)

Setup

Telegram Alerts (Optional)

Set Telegram Bot Token for alerts:

export TELEGRAM_BOT_TOKEN="your_bot_token_here"

Cron Job (Daily Update)

crontab -e
# Add line:
0 17 * * * cd /path/to/skill && python3 scripts/update_dividend_premium.py --update

Data Sources

DataSourceURL
Dividend YieldChina Securities IndexH30269 Indicator XLS
Bond YieldMinistry of FinanceChinaBond

Alert Thresholds

ConditionAction
Bond yield rises 3 consecutive daysTelegram alert
Premium < 1%Telegram alert

Requirements

  • Python 3.10+
  • pandas
  • openpyxl
  • xlrd
  • curl (for data download)

Usage Notes

  • Premium is calculated as: Dividend Yield (%) - Bond Yield (%)
  • Premium < 1% suggests potential buying opportunity
  • Premium < 0 indicates dividend stocks are cheaper than bonds
  • Historical data from 2026-01-14 to present included

Related Indices:

  • CSI Dividend Low Volatility Index (H30269/000966)
  • 10-Year China Government Bond

Comments

Loading comments...