ClawHub

Portfolio Risk Manager

v1.0.1

Thiết lập kỷ luật quản trị danh mục (IPS mini) + position sizing theo risk budgeting cho nhà đầu tư cổ phiếu (không margin), biến khuyến nghị thành “có điều...

0· 1.4k·16 current·19 all-time
byNguyễn Đức Thành@ndtchan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (IPS mini, risk budgeting, position sizing) align with the SKILL.md. Required inputs (ACTIVE_WATCHLIST, MONTHLY_CASH_INFLOW_VND) and optional inputs (HOLDINGS, RISK_PROFILE, CONFIDENCE_MAP) are appropriate and expected for a portfolio risk manager. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly focused on producing an IPS, sizing policy, per-ticker risk plans, rebalance plan, and checklist. One minor ambiguity: SKILL.md says to use 'outputs macro/news/valuation if available' and may consume a CONFIDENCE_MAP from an 'equity-valuation-framework' / orchestrator — it does not declare how those data sources are obtained (other skills, internal tools, or external web). This is not a direct security problem but means the agent could invoke other skills or external lookups to enrich recommendations; you should confirm expected data sources and permissions before relying on live external fetching.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded, minimizing installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Optional inputs are sensible for the domain (holdings, risk profile, confidence map). No secrets or unrelated service tokens are requested.
Persistence & Privilege
Skill is not marked always:true. agents/openai.yaml sets allow_implicit_invocation: true (permitting implicit invocation) and the skill allows model invocation (disable-model-invocation: false) — these are normal for a user-invocable skill but mean the agent may call this skill automatically when appropriate. There is no evidence the skill modifies other skills or system settings.
Assessment
This skill appears coherent and low-risk: it needs no credentials and only uses user-provided portfolio inputs. Before installing or using it, (1) confirm where valuation/news/confidence data will come from (internal tool vs web vs other skills) and whether you consent to those lookups; (2) supply ACTIVE_WATCHLIST and MONTHLY_CASH_INFLOW_VND (and optional HOLDINGS) rather than embedding any brokerage credentials; (3) test outputs on a small or mock watchlist and verify recommendations manually before acting financially; (4) if you want to prevent automatic invocation, disable implicit invocation or the skill in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97endwnregt5hvr2w70dghd8181tah1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments