Portfolio Monitor | 投资组合监控
v1.0.0定期监控投资组合,检查持仓公司基本面变化,生成周报
⭐ 0· 59·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description match the runtime instructions: periodic monitoring of holdings, fundamentals, valuation, news, and generation of a weekly report. Requested actions (fetch prices, check financial reports, monitor news) are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to obtain holdings from a 'user-provided holdings list' and to fetch data via 东方财富/新浪财经 APIs and by crawling company reports and news. It does not instruct the agent to read unrelated local files or secrets, but it is vague about where the holdings list should come from (file path, direct user input, or pasted data) and does not define which exact endpoints or accounts to use for paid/subscribe research reports. The open-ended '爬取' (crawl) and '监控新闻源、研报' steps grant broad discretion about which sites to access and how frequently, which could have operational or terms-of-service implications.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That is the lowest-risk installation model and matches the declared metadata.
Credentials
No environment variables, credentials, or binaries are declared, yet the instructions expect calling third-party APIs and web crawling. That may be fine if only public endpoints are used, but if paid APIs, rate-limited endpoints, or news/研报 subscriptions are required, credentials or API keys would ordinarily be needed but are not declared. The skill therefore under-specifies any credentials it may need and gives the agent broad network access to gather external data.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not declare modifying other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with additional privileges, so no elevated persistence concerns are present.
Assessment
This skill appears to do what it says — monitor holdings and produce a weekly report — but it is vague about where data and credentials come from. Before installing or enabling it: (1) confirm how you will supply your holdings (do not paste secrets into chats unless you trust storage/retention policies); (2) ask the skill author which APIs/endpoints will be used and whether any paid subscriptions or API keys are required; (3) verify where gathered data (reports, scraped pages, generated reports) will be stored or sent; (4) be aware that aggressive web crawling can violate site terms of service or trigger rate limits — ask for limits and polite scraping behavior; and (5) limit network/agent permissions if you are uncomfortable allowing automatic external data fetching until the integration details are clarified.Like a lobster shell, security has layers — review code before you run it.
latestvk97adypm7fjzn8d9cx3mwg5rnh83sv2h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.