ClawHub

持仓脱水器 / Portfolio Dehydrator

v1.0.1

持仓脱水器 / Portfolio Dehydrator is a Web3 portfolio diagnosis and allocation optimization skill. Use when the user wants Codex to turn a PRD or coding request i...

0· 17·0 current·0 all-time
bySHAO Zhaoru@shaozrrr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match implementation: the skill requests only public-market access (OKX, Gate.io), uses requests/pandas/numpy/scipy for data and optimization, and includes caps/penalty logic consistent with the described objective. No unrelated cloud credentials, system binaries, or config paths are requested.
Instruction Scope
SKILL.md and references specify fetching 4h candles, fallback to Gate.io, mock-data fallback, parsing natural-language weights, and producing a Chinese Markdown report. The instructions do not tell the agent to read unrelated local files, secrets, or to transmit user private keys. They do instruct using local repository files (assets/ and references/) which is expected for an instruction-backed implementation.
Install Mechanism
No external binary downloads; install is a simple 'pip install -r assets/requirements.txt' of common packages (requests, pandas, numpy, scipy) from PyPI. No obscure URLs, extract steps, or IP/personal-host downloads are present.
Credentials
The skill declares no required environment variables or credentials. It accesses public exchange endpoints for market data (OKX/Gate.io) which do not require API keys for public OHLCV in common setups. No additional secrets are requested or implied.
Persistence & Privilege
Manifest flags show no forced/always-on behavior. The skill does not request system-wide configuration changes or cross-skill credentials. Autonomous invocation is allowed by default but combined with no broad privileges or secret access, this is proportionate for a data-analysis skill.
Assessment
This skill appears internally consistent for producing a Web3 portfolio analysis: it fetches public OHLCV from OKX/Gate.io, runs local quant calculations, and emits a Chinese Markdown report. Before installing or running: 1) do not pass any private keys, wallet mnemonics, or confidential credentials to this skill — it does not need them; 2) be aware it will make outbound HTTP requests to exchange APIs (OKX, Gate.io) and may use deterministic mock data if those APIs fail; if your environment restricts network access, run it in a sandbox or review the code (assets/web3_portfolio_optimizer.py) first; 3) dependency installation uses pip and common libraries — consider using a virtual environment; 4) if you need higher assurance, review the remainder of the Python file for any hidden endpoints or file I/O (the provided portion is consistent, but auditing the full file before use is recommended).

Like a lobster shell, security has layers — review code before you run it.

latestvk975y5a20tk9wx2k4wfjscwp3h84p8ab

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments