Temp Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a normal local portfolio backtesting and report-generation skill, with only review notes around unpinned Python installs, optional API-key documentation, and local file paths.
Before installing, use a virtual environment, consider pinning package versions, provide your own CSV and output paths, and only configure an API key if you need that provider. Treat generated portfolio results as informational analysis rather than financial advice.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing unpinned packages may pull newer or changed dependency versions into the user's Python environment.
The skill asks users to install Python packages without pinned versions. These dependencies are expected for financial analysis and plotting, but the exact package versions and provenance are not constrained.
pip install yfinance pandas numpy matplotlib seaborn plotly
Install in a virtual environment, pin dependency versions where possible, and review packages before installing.
If configured, the API key could consume the user's provider quota or reveal access if pasted into prompts, logs, or shared files.
The documentation mentions an optional Alpha Vantage API key even though the registry metadata declares no required credentials or environment variables. This is purpose-aligned for market data access, but users should treat it as account-linked access.
需要配置API密钥(如使用Alpha Vantage): - ALPHA_VANTAGE_API_KEY=your_key_here
Set the API key only if that data source is actually needed, avoid sharing it in prompts or reports, and rotate it if exposed.
The skill may process a local file path and create report/chart files if invoked with defaults.
The main script uses local input and output paths, including a concrete default CSV path. This is expected for a backtesting tool, but an invocation without explicit arguments may try to read that default file and write generated artifacts to the default output directory.
default=r'C:\\Users\\wu_zhuoran\\.openclaw\\workspace\\data\\marketdata.csv' ... parser.add_argument('--output', type=str, default='./backtest_output'Run it with explicit --csv and --output paths and review generated files before sharing them.
Users may expect online data retrieval that may require extra setup or may not be implemented in the reviewed artifacts.
The documentation advertises several online data-source integrations, while the manifest and visible implementation primarily support local CSV-based analysis. This looks like capability overstatement rather than malicious behavior.
## 数据源 - Yahoo Finance (通过yfinance库) - Alpha Vantage (免费API) - Finnhub (免费层) - CSV文件
Verify which data sources are actually supported before relying on the skill for live market data.