Skillv1.0.2

VirusTotal security

投资组合分析技能 · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

BenignApr 30, 2026, 4:35 AM

Hash: 3634442754a9f9853d072bbc3ecd31c7bf2cba69e27ef5a0c3490fbd12487c82
Source: palm
Verdict: benign
Code Insight: Package: 投资组合分析回测 (xpi) Version: 1.0.0 Description: 根据提供的标的和策略，进行组合构建和回测分析 The package '投资组合分析回测' (financial-analysis-skill) is a Python-based tool designed for local portfolio analysis and backtesting using the risk parity strategy. The code primarily uses standard data science libraries (pandas, numpy, matplotlib, seaborn) to load data from local CSV files, perform financial calculations (rolling volatility, weights, returns, performance metrics), and generate text reports and charts. Crucially, the `manifest.json` and dedicated `NETWORK_SECURITY.md` file explicitly state that the skill is local-only, does not perform any network requests, does not require any API keys, and does not upload any data. A thorough review of the Python source code (`optimized_main.py` and `optimized_risk_parity_skill.py`) confirms these declarations, as there are no imports of network-related libraries (e.g., `requests`, `urllib`, `socket`, `yfinance`) nor any calls that would initiate external communication. File system access is limited to reading the specified input CSV and writing output reports and charts to a user-defined local directory. The documentation also addresses previous review comments, reinforcing the local-only nature of the skill. There are no indications of malicious activities such as data exfiltration, arbitrary code execution, or unauthorized system access. The package's functionality aligns entirely with its stated purpose of offline financial analysis.
External report: View on VirusTotal