ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jy-position-diagnosis

v1.0.1

专业证券投顾持仓诊断技能,基于恒生聚源 (gildata) MCP 金融数据库生成五维度持仓诊断报告。 覆盖持仓分析、风险舆情、持仓优化、产品推荐、用户画像五大核心模块,所有数据可溯源、带时间戳。 **Triggers when user mentions:** - "持仓诊断"、"持仓分析"、"持仓报告" -...

0· 209·0 current·0 all-time
by@jiayinian

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jiayinian/jy-position-diagnosis.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "jy-position-diagnosis" (jiayinian/jy-position-diagnosis) from ClawHub.
Skill page: https://clawhub.ai/jiayinian/jy-position-diagnosis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, npm, mcporter
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jy-position-diagnosis

ClawHub CLI

Package manager switcher

npx clawhub@latest install jy-position-diagnosis
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the skill queries Gildata (gildata) MCP services via the mcporter CLI to produce portfolio-diagnosis reports. Requested binaries (node, npm, mcporter) and the declared install of the mcporter npm package are consistent with that purpose. HOWEVER the SKILL.md clearly requires a JY_API_KEY (used in service URLs) but the registry metadata lists no required env vars/primary credential — this metadata omission is inconsistent and should be corrected.
Instruction Scope
SKILL.md confines runtime actions to installing/using mcporter and calling specific MCP endpoints (e.g., AShareLiveQuote, StockNewslist). It does not instruct the agent to read arbitrary system files, other credentials, or exfiltrate data to unexpected endpoints. It instructs the user/agent to request a JY_API_KEY from gildata and to configure mcporter with that token.
Install Mechanism
Install uses an npm package (mcporter) via global installation (npm install -g mcporter). Using npm is a common approach but has moderate risk: packages can execute code during install and global installs modify the host. The skill does not pull from arbitrary URLs or shorteners, but you should verify the mcporter package source, publisher, and integrity before running a global install.
!
Credentials
Operationally the skill requires a JY_API_KEY for gildata MCP access (the SKILL.md repeatedly references configuring services with '?token=你的 JY_API_KEY'), yet the registry metadata declares no required environment variables or primary credential. This mismatch is concerning: users may be prompted at runtime to provide or paste a secret into mcporter config, and the skill metadata gives no explicit indication that a credential is necessary. The skill does not request unrelated credentials, but the missing declaration reduces transparency and increases the risk of accidental token exposure.
Persistence & Privilege
always:false and no OS restrictions — normal. The only persistent effect is installing mcporter (global npm) and storing service URLs/tokens in mcporter's config via 'mcporter config add' (user-configured). That is expected for a CLI-based integration, but global installs and local CLI config storage merit user awareness because tokens will be stored on disk by mcporter.
What to consider before installing
What to consider before installing and using this skill: - Metadata vs runtime mismatch: The SKILL.md requires a JY_API_KEY (MCP service token) but the skill metadata did not declare any required credential — assume you will need to obtain and provide a gildata API key before use. Ask the publisher to add JY_API_KEY to the skill's declared requirements so it's explicit. - Verify mcporter before installing: The skill requires installing mcporter globally (npm install -g mcporter). Confirm the npm package owner, downloads, and repository (who publishes mcporter) and ensure it is the legitimate CLI you expect. Global npm installs can execute scripts and modify your system PATH. - Token handling: mcporter config add will embed the token in a stored URL/config file. Understand where mcporter stores configs and who can access them on your system. Do not reuse high-privilege or long-lived credentials; prefer a scoped key if gildata supports it. - Privacy of application data: To obtain JY_API_KEY the SKILL.md suggests emailing datamap@gildata.com with personal/company details. That is normal for enterprise API provisioning, but be mindful of what personal data you include and how the received key is used/stored. - Least privilege & testing: If possible, test with a low-privilege or sandbox key first. Consider installing mcporter in a contained environment (container or dedicated VM) if you are uncertain about installing global npm packages on a production machine. - Ask the publisher for provenance: There is no homepage or known source listed. If you plan to use this in production, request the skill's publisher identity, the mcporter package repository link, and a signed or reviewed manifest so you can validate trustworthiness. Given the above inconsistencies (missing declared credential and global npm install requirement), exercise caution. The skill appears to do what it claims, but the metadata underspecification and install mechanism justify extra verification before installation.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode, npm, mcporter

Install

Install mcporter via npmnpm i -g mcporter
latestvk970233yys0k1vjak9q1eahynn841nhq
209downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
@jiayinian
latest
Download

【持仓诊断】

专业证券投顾持仓诊断技能,基于恒生聚源 (gildata) MCP 金融数据库,生成五维度持仓诊断报告。

功能范围

本技能支持以下功能:

功能说明
持仓分析持仓结构、资产配置、盈亏情况、所属板块
风险舆情近 7 天风险舆情监控、负面新闻预警
持仓优化减仓/增配建议、调仓策略
产品推荐同类替代产品筛选、优势对比
用户画像投资偏好与风险承受能力分析

查询建议

查询需要具备的要素:

  • 证券名称(如"贵州茅台"、"宁德时代")
  • 持仓数量(如"100 股")
  • 持仓成本(如"成本 1600 元")

查询写法:

请帮我诊断以下持仓:
- 贵州茅台 100 股 成本 1600 元
- 宁德时代 200 股 成本 180 元

查询示例

# 单股票诊断
"请帮我诊断持仓:贵州茅台 100 股 成本 1600 元"

# 多股票持仓
"持仓诊断:
- 贵州茅台 50 股 成本 1700 元
- 五粮液 100 股 成本 150 元"

# 跨行业持仓
"分析以下持仓:
- 贵州茅台 100 股 成本 1600 元
- 宁德时代 200 股 成本 180 元
- 招商银行 300 股 成本 35 元"

# 英文触发
"diagnose my portfolio: Kweichow Moutai 100 shares cost 1600 yuan"
"analyze my holdings"

环境检查与配置

⚠️ 每次使用本技能前,必须先检查 mcporter 安装和 MCP 服务配置状态!

步骤 1:检查 mcporter 是否安装

mcporter --version

如未安装,按以下流程安装:

# 1. 通过 npm 全局安装
npm install -g mcporter

# 2. 验证安装
mcporter --version

步骤 2:检查 MCP 服务配置

# 列出所有已配置的 MCP 服务
mcporter list

预期输出(必须包含以下两个服务):

  • jy-financedata-tool
  • jy-financedata-api

如服务未配置,需要获取 JY_API_KEY 并配置:

2.1 获取 JY_API_KEY

向恒生聚源官方邮箱发送邮件申请签发数据地图 JY_API_KEY,用于接口鉴权。

申请邮箱: datamap@gildata.com

邮件标题: 数据地图 KEY 申请 -XX 公司 - 申请人姓名

正文模板:

• 姓名:
• 手机号:
• 公司/单位全称:
• 所属部门:
• 岗位:
• MCP_KEY 申请用途:
• Skill 申请列表:
• 是否需要 Skill 安装包:(是,邮件提供/否,自行下载)
• 其他补充说明(可选):

申请通过后,恒生聚源将默认发送【工具版和接口版】KEY。

2.2 配置 MCP 服务

# 配置 jy-financedata-tool 服务
mcporter config add jy-financedata-tool --url "https://api.gildata.com/mcp-servers/aidata-assistant-srv-tool?token=你的 JY_API_KEY"

# 配置 jy-financedata-api 服务
mcporter config add jy-financedata-api --url "https://api.gildata.com/mcp-servers/aidata-assistant-srv-api?token=你的 JY_API_KEY"

2.3 验证配置

mcporter list

确认两个服务均显示为 connected 状态。

步骤 3:测试数据获取

# 测试行情查询
mcporter call jy-financedata-api.AShareLiveQuote --query "贵州茅台 实时行情"

# 测试舆情查询
mcporter call jy-financedata-tool.StockNewslist --query "贵州茅台 近 7 天新闻"

如返回数据正常,则配置完成。

工作流程

1. 解析用户持仓

从用户输入中提取证券名称、持仓数量、持仓成本。

2. 环境检查

执行环境检查流程,确保 mcporter 和 MCP 服务配置正常。

3. 数据收集

使用 mcporter call 调用以下工具获取数据:

工具MCP 服务用途
AShareLiveQuotejy-financedata-api获取最新股价、涨跌幅、昨日收盘价
StockDailyQuotejy-financedata-api获取历史行情数据、计算昨日市值
StockQuoteTechIndexjy-financedata-api技术分析指标
CorporateResearchViewpointsjy-financedata-tool近 2 个月券商研报
StockNewslistjy-financedata-tool近 7 天新闻舆情
StockMultipleFactorFilterjy-financedata-api替代产品筛选

4. 生成五维度报告

维度 1:持仓分析

  • 持仓结构表格
  • 资产配置表格
  • 盈亏情况计算

维度 2:风险舆情

  • 近 7 天风险舆情监控
  • 负面新闻预警
  • 对持仓影响评估

维度 3:持仓优化

  • 减仓建议及理由
  • 增配建议及理由
  • 调仓策略

维度 4:产品推荐

  • 同类替代产品筛选
  • 优势对比
  • 风险提示

维度 5:用户画像

  • 投资偏好分析
  • 风险承受能力评估
  • 画像关键词

5. 输出报告

输出 Markdown 格式诊断报告。

可用工具

所有工具调用统一使用 mcporter call 命令,入参均为 query

# 行情查询
mcporter call jy-financedata-api.AShareLiveQuote --query "<证券名称> 实时行情"

# 历史行情
mcporter call jy-financedata-api.StockDailyQuote --query "<证券代码> 历史行情"

# 技术指标
mcporter call jy-financedata-api.StockQuoteTechIndex --query "<证券代码> 技术指标"

# 研报查询
mcporter call jy-financedata-tool.CorporateResearchViewpoints --query "<证券名称> 研报"

# 舆情查询
mcporter call jy-financedata-tool.StockNewslist --query "<证券名称> 近 7 天新闻"

# 替代产品筛选
mcporter call jy-financedata-api.StockMultipleFactorFilter --query "<行业> 选股条件"

工具说明

工具功能典型查询
AShareLiveQuoteA 股实时行情"贵州茅台 实时行情"、"宁德时代 股价"
StockDailyQuote股票日行情"600519 历史行情"、"昨日收盘价"
StockQuoteTechIndex技术指标"600519 MACD RSI"
CorporateResearchViewpoints公司研究观点"贵州茅台 研报"、"券商观点"
StockNewslist股票舆情"贵州茅台 新闻"、"近 7 天舆情"
StockMultipleFactorFilter智能选股"白酒行业 选股"、"低估值 高股息"

报告模板

完整报告模板结构详见 references/template.md

核心模块

  1. 持仓分析表格

    • 证券名称、代码、持仓数量
    • 昨日收盘价、持仓成本
    • 盈亏金额、盈亏比例
    • 所属板块

  2. 资产配置表格

    • 资产类别、市值、占比
    • 行业分布、风险等级

  3. 风险舆情表格

    • 板块名称、舆情标题
    • 发布时间、影响程度
    • 对持仓影响

  4. 持仓优化建议

    • 减仓建议(证券名称、比例、理由)
    • 增配建议(证券名称、比例、理由)

  5. 同类产品推荐

    • 原持仓产品、推荐替代产品
    • 优势对比、风险提示

  6. 用户画像

    • 画像维度、关键词、理由

输出格式

项目说明
默认格式Markdown
存储位置当前会话输出
数据时效行情实时,舆情近 7 天,研报近 2 个月

示例报告

示例报告参考 examples/sample_diagnosis.md

注意事项

  • ⚠️ 报告仅供研究参考,NOT investment advice
  • ⚠️ 所有数据必须来自 GilData MCP (聚源数据库),严禁编造
  • ⚠️ 数据时效性:优先引用 1 个月内的数据
  • ⚠️ 首次使用需完成 JY_API_KEY 配置(配置一次即可)
  • ⚠️ 如未配置 JY_API_KEY,技能将提示并要求用户提供

Troubleshooting

"mcporter: command not found"

# 安装 mcporter
npm install -g mcporter

"MCP server not connected"

# 检查配置
mcporter list
# 如服务缺失,重新配置
mcporter config add jy-financedata-tool --url "https://api.gildata.com/mcp-servers/aidata-assistant-srv-tool?token=你的 JY_API_KEY"

"JY_API_KEY not found"

# 检查环境变量或配置文件
# 如未配置,按"步骤 2.1 获取 JY_API_KEY"流程申请

"Data query timeout"

  • gildata API 可能需要较长时间(30-60 秒)
  • 重试或简化查询条件

"股票名称无法识别"

  • 使用标准证券简称(如"贵州茅台"而非"茅台")
  • 或提供证券代码(如"600519")

References

文件说明
references/template.md完整报告模板结构
references/data_sources.mdMCP 工具使用说明
examples/sample_diagnosis.md示例诊断报告

Comments

Loading comments...