Fund Analyzer Pro

Audited by ClawScan on May 10, 2026.

Overview

The fund-analysis purpose is coherent, but the skill handles sensitive portfolio data, credentials, local code imports, and automatic notifications in ways that need careful review before use.

Install only after reviewing the full scripts, replacing any sample keys with your own scoped credentials, confirming whether holdings will be stored, and disabling or explicitly configuring automatic Feishu/signal notifications. Avoid uploading real portfolio exports unless you accept the local storage and retention behavior.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If exposed through the agent, a malformed user identifier could cause files outside the intended holdings folder to be written, read, or deleted.

Why it was flagged

The helper constructs file paths directly from user_id and later reads, writes, exports, or deletes those paths. Without validation, a caller-controlled user_id containing path traversal sequences could escape the intended holdings directory.

Skill content
def get_holdings_file(user_id: str) -> Path:
    return HOLDINGS_DIR / f"{user_id}.enc"
...
file_path.unlink()
Recommendation

Constrain user_id to a safe fixed pattern, resolve the path, verify it remains under the holdings directory, and avoid exposing delete/export helpers without explicit confirmation.
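One way to implement the recommendation above, as an added example rather than the skill's own code: `user_id` is restricted to a fixed allow-list pattern, the path is resolved and checked for containment, and the delete helper refuses to run without an explicit confirmation flag. The `HOLDINGS_DIR` value, the allow-list pattern and the `confirmed` parameter are assumptions.

```python
import re
from pathlib import Path

# Assumed default; the skill documents this location under the workspace.
HOLDINGS_DIR = Path.home() / ".openclaw" / "workspace" / "data" / "fund-holdings"

# Allow only letters, digits, underscore and hyphen, 1-64 characters.
# Dots and slashes are excluded, so "..", "/" and "\" never reach the filesystem layer.
_USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


class InvalidUserId(ValueError):
    """Raised when a user_id fails validation or its path escapes the holdings directory."""


def get_holdings_file(user_id: str, holdings_dir: Path = HOLDINGS_DIR) -> Path:
    """Return the .enc path for user_id, refusing anything that could leave holdings_dir."""
    if not _USER_ID_RE.fullmatch(user_id):
        raise InvalidUserId(f"user_id has disallowed characters or length: {user_id!r}")
    base = holdings_dir.resolve()
    candidate = (base / f"{user_id}.enc").resolve()
    # Defence in depth: even with the allow-list, confirm containment after resolving symlinks.
    if candidate.parent != base:
        raise InvalidUserId("resolved path escapes the holdings directory")
    return candidate


def is_safe_user_id(user_id: str, holdings_dir: Path = HOLDINGS_DIR) -> bool:
    """Convenience predicate wrapping get_holdings_file for callers that only need a yes/no."""
    try:
        get_holdings_file(user_id, holdings_dir)
        return True
    except InvalidUserId:
        return False


def delete_holdings(user_id: str, holdings_dir: Path = HOLDINGS_DIR, *, confirmed: bool = False) -> bool:
    """Delete a user's holdings file only after explicit confirmation.

    Returns True if a file was removed, False if none existed.
    """
    if not confirmed:
        raise PermissionError("deletion requires explicit user confirmation")
    path = get_holdings_file(user_id, holdings_dir)
    if path.is_file():
        path.unlink()
        return True
    return False
```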

What this means

Running the analyzer may execute unreviewed local code, and a changed or malicious local module could affect results or behavior.

Why it was flagged

The analyzer imports code from a hard-coded local workspace path, but data_layer is not included in the reviewed file manifest or declared by an install spec.

Skill content
workspace_dir = Path('/home/admin/.openclaw/workspace')
if str(workspace_dir) not in sys.path:
    sys.path.insert(0, str(workspace_dir))

from data_layer import FundAPI, DataAPI
Recommendation

Package and pin the dependency, avoid hard-coded sys.path injection, and declare all runtime dependencies and expected local modules.

What this means

Users may unknowingly rely on an exposed/shared provider key, or fail to understand which account credentials the skill needs.

Why it was flagged

The README shows a concrete key-like value rather than a placeholder, while the registry metadata says no primary credential or env vars are required.

Skill content
"headers": {
  "x-api-key": "rySVkZpwsubI_uExeTZuGg"
}
Recommendation

Replace concrete-looking secrets with placeholders, rotate any real exposed key, and declare TTFUND_APIKEY, qieman x-api-key, and any notification credentials in metadata.

What this means

A user's fund holdings and losses can remain on disk and may be exposed through local file access, backups, or plaintext exports.

Why it was flagged

The skill persists sensitive portfolio holdings, stores the encryption key in the same workspace area, and supports plaintext export.

Skill content
**Storage location**: ~/.openclaw/workspace/data/fund-holdings/{user_id}.enc
...
key_file = Path.home() / ".openclaw" / "workspace" / ".fund_holdings_key"
...
Export user holdings (plaintext, for backup)
Recommendation

Ask for explicit opt-in before storing holdings, document retention and deletion, set restrictive file permissions, separate key storage from data, and avoid plaintext exports unless the user explicitly requests them.

What this means

Fund watchlists or investment signals could be sent to an external collaboration service without the user clearly seeing what is shared and where.

Why it was flagged

The code documents Feishu push notifications for watchlist-based signal monitoring, but the provided metadata does not define the notification destination, credential, or data boundary.

Skill content
Signal monitoring: signal_checker.py (watchlist + signal detection + deduplication + Feishu push)
Recommendation

Require explicit setup for any webhook or Feishu destination, show exactly what data will be sent, and keep notification credentials scoped and declared.

What this means

Users may over-trust automated financial recommendations, especially if generated as signals rather than in response to a direct request.

Why it was flagged

The skill includes an explicit authorization rule, but also defines reports that can contain concrete buy/sell-style actions.

Skill content
Report content: ... Suggested action: [hold / add / reduce / sell]
...
Recommendations prohibited: unless the user explicitly authorizes them
Recommendation

Keep analysis separate from actionable investment advice, require clear user confirmation for buy/sell recommendations, and prominently retain the financial-risk disclaimer.