Fund Ai Assistant
v1.0.2
Fund portfolio tracker with AI analysis, multi-agent debate, technical indicators (VaR/Sortino/Calmar), macro monitoring, and rebalancing alerts.
by tempest01 @tempest-01
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (fund portfolio analysis, technical indicators, multi-agent debate, macro monitoring) match the included scripts (analyzer.py, technical.py, ai_analysis.py, debate_analyzer.py, fund_api.py, macro_fetcher.py, etc.). Required credentials (LLM model & API key) are appropriate for the AI analysis capability. Optional push/webhook/SMTP/Tavily settings are coherent with notification and macro-search features.
Instruction Scope
Runtime instructions are explicit: clone repo, set LLM_MODEL/LLM_API_KEY, run analyzer/event_monitor, and optionally schedule tasks. The skill reads local config/positions files and an optional FUND_SCENE_DIR for .md templates; it will send analysis to configured webhooks/SMTP if you set them. SKILL.md includes sensible warnings to inspect llm.py and fund_api.py before first run. Be aware that scheduled/crontab tasks will run the same scripts and therefore will perform network calls (East Money, LLM endpoint, optional Tavily and user-configured push endpoints).
Install Mechanism
There is no automated install spec in the registry (the SKILL.md shows manual git clone and pip install -r requirements.txt). Requirements appear to be standard Python libraries (Pillow, numpy, matplotlib). No unusual or opaque remote downloads, URL shorteners, or archive extraction from unknown hosts were observed in the provided files.
Credentials
Only LLM_MODEL and LLM_API_KEY are required (declared as primary credential). Optional environment variables (LLM_API_BASE, TAVILY_API_KEY, PUSH_WEBHOOK_URL, SMTP_*, BARK_PUSH_URL, QQ_WEBHOOK_URL, FUND_SCENE_DIR) are justified by notification, macro search, and templating features. Important risk: if you set LLM_API_BASE to an untrusted host, your API key and prompts (including fund data) will be sent to that endpoint (SKILL.md and _meta.json explicitly warn about this).
Persistence & Privilege
The skill does not request always:true, does not require system-wide configuration changes, and operates on files within its own directory (config.json, positions.json, assets). It may create/update local config and assets. Scheduled invocation (crontab/OpenClaw) is optional and user-controlled.
Assessment
This package appears to do what it says (local fund analysis + AI). Before installing or running:
1) Review llm.py to confirm which endpoint the code calls and that it does not leak your key to unknown servers; if you must set LLM_API_BASE, point it only at trusted endpoints.
2) Use a dedicated, low-privilege API key with quota limits for LLM_API_KEY.
3) Inspect fund_api.py and macro_fetcher.py to confirm data sources—East Money is expected; look for any unexpected outbound endpoints.
4) Do not configure PUSH_WEBHOOK_URL, SMTP_*, BARK_PUSH_URL, or QQ_WEBHOOK_URL to untrusted endpoints (those will transmit analysis output).
5) FUND_SCENE_DIR should point to a directory you control and must not be set to system or credential directories.
6) Note minor metadata mismatches (several version strings and clone instructions) — the shipped bundle already contains the code, so cloning again is optional; verify the source repository URL before cloning.
If you cannot or will not audit llm.py and other network code, avoid supplying high-value API keys or external push endpoints.
Like a lobster shell, security has layers — review code before you run it.
