ClawAudit verdict
xiaohongshu
xhs-cn
$15,GOOGL:10 --tax-loss-threshold "200" ``` ## Advanced Usage ### 1. Portfolio Analysis Analyze your portfolio: ```bash python scripts/optimizer.py analyze --holdings AAPL:10,MSFT:15,GOOGL:5 ``` ### 2. Rebalance Portfolio Rebalance to target allocation: ```bash python scripts/optimizer.py rebalance --holdings AAPL:10,MSFT:15,GOOGL:5 --target "AAPL:30,MSFT:30,GOOGL:40" ``` ### 3. Tax-Loss Harvesting Harvest tax losses: ```bash python scripts/optimizer.py harvest --holdings AAPL:-500,MSFT:200 ``` ## Output ### Analysis Report ```text Portfolio Analysis Report: - Current holdings: AAPL: 10, MSFT: 15, GOOGL: 5 - Allocation: AAPL: 33.33%, MSFT: 50%, GOOGL: 16.67% - Risk metrics: volatility = 15.2%, beta = 1.2 ``` ### Rebalance Report ```text Rebalance Report: - Target allocation: AAPL: 30%, MSFT: 30%, GOOGL: 40% - Trades: sell 3.33% AAPL, buy 13.33% GOOGL ``` ### Tax-Loss Harvesting Report ```text Tax-Loss Harvesting Report: - Sold AAPL at $150 (loss: $500) - Bought MSFT at $200 (gain: $200) ``` ## Notes - This skill is for educational purposes only. - Not a financial advisor. - Cryptocurrency not supported. - No liability for losses.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
HTTP request to bare IP address โ common in malicious payloads
scripts/xhs_client.py ยท prose ยท downgraded ยท http://127.0.0.1
Python os.environ.get โ reads environment variable
scripts/xhs_client.py ยท prose ยท downgraded ยท os.environ.get(
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.