Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pyfolio Performance

v0.3.2

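Portfolio performance analysis based on pyfolio-reloaded: generate a tear sheet in one step (Sharpe, drawdown, annualized return, turnover, per-stock round-trip trades, sector attribution). Suited to standardized reports after a backtest.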

by Tang Weigang (@tangweigang-jpg)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/pyfolio-performance.

Install the skill "Pyfolio Performance" (tangweigang-jpg/pyfolio-performance) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/pyfolio-performance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pyfolio-performance

ClawHub CLI

npx clawhub@latest install pyfolio-performance

Security Scan

Capability signals: Crypto

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Name/description, use cases and included reference content are consistent with a pyfolio-style performance/tear-sheet tool for backtest results. However SKILL.md declares 'Requires Python 3.12+ with uv package manager' while the registry metadata lists no required binaries or env vars — a packaging inconsistency. The SKILL.md also references a LICENSE.txt that is not present in the manifest.

! Instruction Scope

SKILL.md contains runtime directives and preconditions that instruct the agent to run local Python checks and potentially install packages (e.g., 'python3 -c ...', 'pip install zvt'). It also mandates re-reading seed.yaml at execution time and references local data dirs (ZVT_HOME). These instructions are relevant to the skill's purpose but give the agent discretion to execute package installs and write/read local files; the skill does not declare an explicit install recipe or list of dependencies, so the exact runtime actions are under-specified.

Install Mechanism

There is no declared install spec (instruction-only), which lowers supply-chain risk. But SKILL.md implicitly expects Python 3.12+ and the 'uv' package manager and suggests using pip to install 'zvt' if checks fail — so runtime will likely perform package installs without a reviewed install manifest. That gap is a minor risk (unreviewed runtime installs).

Credentials

The skill declares no required environment variables or credentials, which matches that it is an offline analysis/reporting tool. Nevertheless, instructions reference ZVT_HOME and recommend recorders/data providers (eastmoney, joinquant, baostock, akshare, qmt). Use of some data providers (e.g., joinquant/qmt) may require external accounts/credentials in practice, but none are requested up-front — this is under-specified and could prompt the agent to ask for or attempt to use credentials at runtime.

Persistence & Privilege

always is false and disable-model-invocation is false (normal). The skill does not request to be always-enabled nor attempts to modify other skills. It does instruct writing/reading local data directories (ZVT_HOME), which is expected for a backtesting/reporting tool.

What to consider before installing

This skill appears to be a coherent finance backtest/tear-sheet helper, but the packaging is sloppy and some runtime actions are underspecified. Before installing or invoking it:

1) Confirm you trust the skill source (homepage is missing).
2) Expect the agent may run Python commands and install packages (it references pip/zvt/uv) and will read/write a local ZVT_HOME — run it in a sandbox or disposable environment.
3) Verify the missing LICENSE.txt and any dependency list (ask the author for a requirements list or a proper install spec).
4) Do not provide unrelated credentials; if you plan to use paid data providers (joinquant/qmt), supply their keys only after verifying why and where they are used.
5) If you need higher assurance, request a version with an explicit install manifest (requirements.txt or lockfile) and a source/homepage you can audit.

Like a lobster shell, security has layers — review code before you run it.

Tags: analytics, doramagic-crystal, finance, latest, performance, portfolio
94 downloads
0 stars
3 versions
Updated 4d ago
v0.3.2
MIT-0

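Pyfolio Performance Analysis (pyfolio-performance)

Generate a tear sheet from your backtest results in one step: the full set of charts for Sharpe, drawdown, annualized return, turnover and sector attribution, with no need to plot them yourself.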

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (7 total)

Sphinx Documentation Deployment (UC-101)

Automates the build and deployment of Sphinx-generated documentation for the pyfolio library, ensuring consistent documentation deployment across envi
Triggers: documentation, deploy, sphinx

Sphinx Documentation Configuration (UC-102)

Configures Sphinx documentation build settings including theme, extensions, and project metadata for generating pyfolio library documentation.
Triggers: documentation, sphinx config, configuration

Round Trip Trade Analysis with Tear Sheets (UC-103)

Analyzes individual round trip trades (entry/exit) in a portfolio, computing profitability metrics by trade and sector to understand trading efficienc
Triggers: round trip, trade analysis, tear sheet

For all 7 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

| ID | Rule | On Violation |
|---|---|---|
| SL-01 | Execute sell orders before buy orders in every trading cycle | halt |
| SL-02 | Trading signals MUST use next-bar execution (no look-ahead) | halt |
| SL-03 | Entity IDs MUST follow format entity_type_exchange_code | halt |
| SL-04 | DataFrame index MUST be MultiIndex (entity_id, timestamp) | halt |
| SL-05 | TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amount | halt |
| SL-06 | filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION | halt |
| SL-07 | Transformer MUST run BEFORE Accumulator in factor pipeline | halt |
| SL-08 | MACD parameters locked: fast=12, slow=26, signal=9 | halt |

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (25 total)

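  • AP-ZVT-183: An ex-rights adjustment factor of inf/NaN is used directly in multiplication, so price adjustment fails silently
  • AP-ZVT-179: After a third-party data API exceeds its limit, the exception is swallowed and data goes missing silently
  • AP-ZVT-183B: Using the wrong K-line table, HFQ (backward-adjusted) versus QFQ (forward-adjusted), causes factor calculations to drift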

All 25 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-106. Evidence verify ratio = 41.5% and audit fail total = 16. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

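| File | Contents | When to Load |
|---|---|---|
| references/seed.yaml | V6+ complete authoritative definition (source-of-truth) | Required reading when behavior or decisions are in dispute |
| references/ANTI_PATTERNS.md | 25 cross-project anti-patterns | Before starting implementation |
| references/WISDOM.md | Cross-project lessons worth borrowing | When making architecture decisions |
| references/CONSTRAINTS.md | domain + fatal constraints | When rules conflict |
| references/USE_CASES.md | All KUC-* business scenarios | When complete examples are needed |
| references/LOCKS.md | SL-* + preconditions + hints | Before generating backtest/trading code |
| references/COMPONENTS.md | AST component map (split by module) | When looking up APIs |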

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-106 blueprint at 2026-04-22T13:00:50.454770+00:00. See human_summary.md for non-technical overview.
