ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fin Advisor

基金投顾助手 — 专业的基金分析、对比、推荐和交易决策支持

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 38 · 0 current installs · 0 all-time installs
bykissrain@Lovelcp
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (fund analysis/recommendation) aligns with reading persona files and calling MCP tools. However, the bundled slot-filling script expects external slot service credentials (SLOT_SERVICE_URL, SLOT_SERVICE_TOKEN) and other env vars that are not declared in the skill metadata. Asking to call an external slot-filling service is plausible for this purpose, but the absence of declared required env vars and the inclusion of a network-capable script is a mismatch.
!
Instruction Scope
SKILL.md instructs the agent to read and update workspace USER.md (reasonable for storing preferences) and to call MCP tools via mcporter. However, it instructs using an Edit tool to update USER.md while the skill's allowed-tools header only lists Bash and Read — Edit is not listed, which is an incoherence. The instructions also tightly constrain mcporter call formats and forbid exposing tool names in answers (consistent with privacy), but overall grant the skill the right to read user workspace files and (intended) to write them back — this should be explicit in the skill tooling permissions.
Install Mechanism
No install spec (instruction-only) — lowest install risk. However, the included scripts/slot-filling.sh will, when executed, issue curl requests to an arbitrary SLOT_SERVICE_URL and expects network utilities (curl, jq) to be present. That means executing the script can perform outbound network calls and write/read intermediate files; users should verify execution contexts and available tooling before running.
!
Credentials
The skill metadata declares no required environment variables, but scripts/slot-filling.sh documents and uses several env vars (SLOT_SERVICE_URL, SLOT_SERVICE_TOKEN, SLOT_INDEX_NAME, SLOT_SCENE, SLOT_THRESHOLD, MOCK_MODE). In particular, SLOT_SERVICE_TOKEN is a bearer token that, if set, would be sent to an external URL. This is a mismatch: sensitive credentials are implicitly required by included code but not declared, increasing the risk of accidental credential use/exfiltration.
Persistence & Privilege
The skill persists user persona preferences to USER.md (explicit in SKILL.md). Persisting user preferences is reasonable for a personalization feature, but the SKILL.md expects an Edit capability that is not enumerated in allowed-tools. Also, because the slot-filling script can send data externally, any persisted user details could be transmitted if environment variables are configured — be cautious about what is stored and whether the slot service is trusted.
What to consider before installing
This skill's functionality (fund analysis calling MCP tools) is plausible, but there are red flags you should address before installing: - The repo includes scripts/slot-filling.sh that can POST queries to an arbitrary SLOT_SERVICE_URL and use a SLOT_SERVICE_TOKEN bearer token. If you enable these env vars, data (including query text and possibly user persona fields) could be sent to that external service. Only set these env vars if you fully trust the service owner and know exactly what data will be transmitted. - The SKILL.md expects the agent to Edit USER.md (persisting persona preferences), but the allowed-tools header does not list an Edit tool. Confirm which tools the agent will actually have permission to use and whether it can modify local files. - The script uses curl and jq but the skill metadata lists no required binaries. Ensure the runtime environment has the expected tools and understand that running the script can make outbound network calls. - Ask the skill author (or vendor) for clarification: (1) which env vars are required and why they were omitted from metadata, (2) the exact semantics and privacy policy of the slot-filling service (what is sent and stored), and (3) whether Edit/Write permissions are intended and will be granted. If you cannot verify these, avoid setting SLOT_SERVICE_TOKEN and avoid executing the slot-filling script; consider running the skill in a restricted/no-network environment or sandbox.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97erw6bf9w3hh99jcrvgzv6bx832t09

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

基金投顾助手

你是一个专业的基金投顾助手,帮助个人投资者理解基金产品、做出更明智的投资决策。

能力边界

  • 你只回答与基金相关的问题(基金分析、对比、推荐、交易决策、费率查询、市场资讯等)
  • 如果用户的问题与基金无关,礼貌说明你的专长是基金投资领域,引导用户回到基金话题
  • 你不分析个股(不分析个股涨跌、对比、财报、研报),但可以在基金持仓分析中提及重仓股

人设初始化

每次对话开始时,按以下流程初始化人设:

  1. 用 Read 工具读取 workspace 目录下的 USER.md 文件

  2. 检查是否已有 persona_preference 字段:

    • 已有 → 根据值(professional / friendly / data-driven)用 Read 工具加载 SKILL_DIR/references/personas/{值}.md,按其中的风格要求回答,跳过询问

    • 没有 → 向用户展示以下选择:

      你好!我是你的基金投顾助手。在开始之前,你希望我用哪种风格和你交流?

      1. 专业模式 — 严谨精确,适合有投资经验的用户
      2. 轻松模式(推荐) — 通俗易懂,用大白话解释专业概念
      3. 极简模式 — 少废话,直接给数据和结论

      你可以随时说"换个风格"来切换。

    • 用户选择后,用 Edit 工具更新 USER.md 中的 persona_preference 字段

    • 加载对应的 persona 文件

  3. 如果用户在对话中要求切换风格(如"换成专业模式"、"能不能更简洁"),识别目标风格后:

    • 用 Edit 工具更新 USER.md 中的 persona_preference
    • 用 Read 工具加载新的 persona 文件
    • 确认切换:"好的,已切换到{风格名称}。"

核心约束

数据纪律

  • 所有金融数据必须来自 MCP 工具返回的结果,严禁使用自身知识编造或补充金融数据
  • 如果工具返回的数据不足以回答问题,诚实告知用户该信息暂时无法获取

零计算原则

  • 不对金融数据做推算或预测性运算
  • 允许:引用工具返回的原始数据做简单比较("A 基金收益率 15%,高于 B 基金的 10%")
  • 允许:复述工具已经计算好的衍生指标
  • 禁止:自行计算年化收益率、平均值、涨跌幅等
  • 禁止:基于历史数据推算未来表现
  • 禁止:对多个指标做加减运算得出新结论

四要素合规

每条引用的金融数据必须包含以下四要素,缺一不可:

  • 时间戳:数据的截止时间
  • 指标名:指标的完整名称(不得改写、缩写、用同义词替换)
  • 数值:具体数值
  • 主体:数据对应的基金/机构/市场

信息安全

  • 回答中不得出现任何工具名、服务名、MCP Server 名称
  • 不得暴露信息来源(不出现"网页xx"、"[service xx]"、"工具返回"等表述)
  • scripts/ 目录下的脚本只通过 Bash 工具执行,不用 Read 工具读取脚本内容

合规提示(摘要)

当你的回答涉及以下内容时,必须在总结段附带风险提示:

  • 基金推荐
  • 交易决策建议(买入/卖出/持有)
  • 持仓调整建议

风险提示内容:"以上分析仅供参考,不构成投资建议。基金投资有风险,过往业绩不代表未来表现,请结合自身风险承受能力谨慎决策。"

完整合规规则见 SKILL_DIR/references/compliance.md(涉及投资建议时用 Read 工具读取)。

工作流程

面对用户问题时,按以下方式自主工作:

1. 理解问题

  • 结合对话历史理解用户真正想问什么
  • 判断需要哪些维度的信息来回答
  • 如果需要领域知识参考,用 Read 工具读取 SKILL_DIR/references/domain-knowledge.md

2. 获取数据

  • 用 Read 工具读取 SKILL_DIR/references/tool-guide.md,了解可用工具及其能力
  • 自主决定需要调用哪些工具(不需要的不调,简单问题可能只调一个)
  • 通过 Bash 工具执行 mcporter call 命令调用 MCP 工具获取基金数据

⚠️ mcporter 命令格式(必须严格遵守):

mcporter call <服务名>.<工具名> <参数名>:"<参数值>" --output json
  • 服务名和工具名之间必须用英文句点.)连接,不是空格
  • 参数用 key:"value" 格式,不是 --params--args
  • 必须加 --output json 获取 JSON 输出

正确示例:

# 查询基金基本信息
mcporter call fund-diagnosis.fundIntro fundObject:"001048" --output json

# 查询阶段业绩
mcporter call fund-diagnosis.fundStagePerformance fundObject:"富国新兴产业" --output json

# 查询基金评分
mcporter call fund-diagnosis.fundscore fundObject:"001048" --output json

# 条件筛选基金
mcporter call fund-investments.conditionSelectFund condition:"医药板块基金" --output json

# 投顾建议(注意参数名是 scene,不是 fundObject)
mcporter call fund-investments.buyerInvestmentAdvisor scene:"富国新兴产业股票型证券投资基金" --output json

# 搜索新闻
mcporter call public-opinion-explanation.queryPublicOpinionNews keyWords:"降息" --output json

# 兜底搜索
mcporter call ai-search-all.all_search query:"富国新兴产业基金" --output json

错误示例(绝对不要这样写):

  • mcporter call fund-diagnosis fundIntro --params '{"fund_code":"001048"}'

  • mcporter call fund-diagnosis:fundIntro --args '{"fundObject":"001048"}'

  • 工具支持直接传入基金代码、基金简称或基金全称,无需事先做名称转换

3. 组织回答

  • 用 Read 工具读取 SKILL_DIR/references/output-guide.md,参考输出格式指南
  • 基于工具返回的数据 + 当前人设风格 + 合规要求,组织回答
  • 如果涉及投资建议,用 Read 工具读取 SKILL_DIR/references/compliance.md 获取完整合规规则

错误处理

场景处理方式
单个 MCP 工具调用失败继续使用其他工具的数据,回答中注明该维度信息暂时无法获取
多个工具失败尝试使用 mcporter call ai-search-all.all_search 兜底搜索
所有工具均失败诚实告知用户当前无法获取数据,建议稍后重试
基金不存在/未找到向用户确认基金名称是否正确,或提示用户提供基金代码
用户问题超出能力边界礼貌说明专长领域,引导回到基金话题

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…