Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

nsimonfr/ghostfolio

Name: ghostfolio
Author: nsimonfr

rpi5/openclaw/skills/ghostfolio/SKILL.md

npx skillsauth add nsimonfr/nic-os ghostfolio

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Ghostfolio

Use this skill when the user asks about Ghostfolio portfolio metrics, holdings, dividends, or API troubleshooting.

Environment Variables

# Prefer local access when available
export GHOSTFOLIO_BASE_URL="http://127.0.0.1:3333"
# Optional remote example:
# export GHOSTFOLIO_BASE_URL="https://rpi5.gate-mintaka.ts.net:8444"

# Long-lived token supplied by user/admin
export GHOSTFOLIO_TOKEN="..."

# Optional but recommended
export GHOSTFOLIO_TIMEZONE="Europe/Paris"

Auth Modes

Ghostfolio setups can differ. Support both modes:

Mode A — Direct bearer (works in some environments)

AUTH_HEADER="Authorization: Bearer $GHOSTFOLIO_TOKEN"

Mode B — Anonymous exchange (required in some environments)

AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
  -H 'Content-Type: application/json' \
  --data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" \
| jq -r '.authToken')

[ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] || {
  echo "Failed to obtain authToken" >&2
  exit 1
}

AUTH_HEADER="Authorization: Bearer $AUTH_TOKEN"

Endpoint Templates

Portfolio performance

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v2/portfolio/performance?range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Holdings

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/holdings?range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Dividends

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/dividends?groupBy=month&range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Quick connectivity + auth probe

# 1) Try direct bearer first
for ep in \
  '/api/v2/portfolio/performance?range=ytd' \
  '/api/v1/portfolio/holdings?range=ytd' \
  '/api/v1/portfolio/dividends?groupBy=month&range=ytd'
do
  code=$(curl -s -o /tmp/gf_probe.json -w '%{http_code}' "$GHOSTFOLIO_BASE_URL$ep" \
    -H "Authorization: Bearer $GHOSTFOLIO_TOKEN" \
    -H 'Accept: application/json' \
    -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE")
  echo "direct $ep -> $code"
done

# 2) If direct is 401/403, try anonymous exchange
AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
  -H 'Content-Type: application/json' \
  --data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" | jq -r '.authToken')

echo "anonymous exchange token present: $([ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] && echo yes || echo no)"

Troubleshooting

401 Unauthorized
- Token invalid for this auth mode, token expired, or wrong token type.
- Try the other auth mode (direct vs anonymous exchange).
403 Forbidden
- Token recognized but not authorized for the requested resources.
- Verify account/environment and permissions.
Timezone inconsistencies
- Send x-ghostfolio-timezone (or at least Timezone) explicitly.
Connectivity issues
- Prefer local URL (http://127.0.0.1:3333) if service runs locally.
- For remote TLS diagnostics only, temporary curl -k can help.

Safety Notes

Never print or commit real tokens in logs/docs.
Keep tokens in environment variables only.
Use curl -fsS so HTTP/API errors are not silently ignored.

nsimonfr/ghostfolio

rpi5/openclaw/skills/ghostfolio/SKILL.md

Manage and query Ghostfolio portfolio data (performance, holdings, dividends) using API endpoints and token auth patterns.

development

Updated Apr 9, 2026

$ install --global

skillsauth

npx skillsauth add nsimonfr/nic-os ghostfolio

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 9, 2026, 2:19 AM13.6s1 file scanned

SKILL.md

name:: ghostfolio
description:: Manage and query Ghostfolio portfolio data (performance, holdings, dividends) using API endpoints and token auth patterns.
metadata:: {"openclaw":{"emoji":"👻","requires":{"env":["GHOSTFOLIO_TOKEN"]},"primaryEnv":"GHOSTFOLIO_TOKEN"}}

Ghostfolio

Use this skill when the user asks about Ghostfolio portfolio metrics, holdings, dividends, or API troubleshooting.

Environment Variables

# Prefer local access when available
export GHOSTFOLIO_BASE_URL="http://127.0.0.1:3333"
# Optional remote example:
# export GHOSTFOLIO_BASE_URL="https://rpi5.gate-mintaka.ts.net:8444"

# Long-lived token supplied by user/admin
export GHOSTFOLIO_TOKEN="..."

# Optional but recommended
export GHOSTFOLIO_TIMEZONE="Europe/Paris"

Auth Modes

Ghostfolio setups can differ. Support both modes:

Mode A — Direct bearer (works in some environments)

AUTH_HEADER="Authorization: Bearer $GHOSTFOLIO_TOKEN"

Mode B — Anonymous exchange (required in some environments)

AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
  -H 'Content-Type: application/json' \
  --data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" \
| jq -r '.authToken')

[ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] || {
  echo "Failed to obtain authToken" >&2
  exit 1
}

AUTH_HEADER="Authorization: Bearer $AUTH_TOKEN"

Endpoint Templates

Portfolio performance

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v2/portfolio/performance?range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Holdings

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/holdings?range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Dividends

curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/portfolio/dividends?groupBy=month&range=ytd" \
  -H "$AUTH_HEADER" \
  -H 'Accept: application/json' \
  -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE" \
| jq .

Quick connectivity + auth probe

# 1) Try direct bearer first
for ep in \
  '/api/v2/portfolio/performance?range=ytd' \
  '/api/v1/portfolio/holdings?range=ytd' \
  '/api/v1/portfolio/dividends?groupBy=month&range=ytd'
do
  code=$(curl -s -o /tmp/gf_probe.json -w '%{http_code}' "$GHOSTFOLIO_BASE_URL$ep" \
    -H "Authorization: Bearer $GHOSTFOLIO_TOKEN" \
    -H 'Accept: application/json' \
    -H "x-ghostfolio-timezone: $GHOSTFOLIO_TIMEZONE")
  echo "direct $ep -> $code"
done

# 2) If direct is 401/403, try anonymous exchange
AUTH_TOKEN=$(curl -fsS "$GHOSTFOLIO_BASE_URL/api/v1/auth/anonymous" \
  -H 'Content-Type: application/json' \
  --data "{\"accessToken\":\"$GHOSTFOLIO_TOKEN\"}" | jq -r '.authToken')

echo "anonymous exchange token present: $([ -n "$AUTH_TOKEN" ] && [ "$AUTH_TOKEN" != "null" ] && echo yes || echo no)"

Troubleshooting

401 Unauthorized
- Token invalid for this auth mode, token expired, or wrong token type.
- Try the other auth mode (direct vs anonymous exchange).
403 Forbidden
- Token recognized but not authorized for the requested resources.
- Verify account/environment and permissions.
Timezone inconsistencies
- Send x-ghostfolio-timezone (or at least Timezone) explicitly.
Connectivity issues
- Prefer local URL (http://127.0.0.1:3333) if service runs locally.
- For remote TLS diagnostics only, temporary curl -k can help.

Safety Notes

Never print or commit real tokens in logs/docs.
Keep tokens in environment variables only.
Use curl -fsS so HTTP/API errors are not silently ignored.

Related Skills

nsimonfr/immich-memories

databases

VerifiedTrustedCommunity

Query today's Immich "on this day" memories and print a summary picoclaw can relay. Use when the user asks about Immich memories, on-this-day, or a recap of past photos from today's date.

SKILL.mdUpdated May 27, 2026

nsimonfr/immich-memories

nsimonfr/wiki-process

documentation

VerifiedTrustedCommunity

Promote items from Wiki/Inbox into curated Wiki/Pages, merging or creating as Wiki/Schema dictates

SKILL.mdUpdated May 15, 2026

nsimonfr/wiki-process

nsimonfr/wiki-lint

development

VerifiedTrustedCommunity

Audit the LLM Wiki for orphans, broken links, duplicates, and stale facts; write a report page

SKILL.mdUpdated May 15, 2026

nsimonfr/wiki-ingest

documentation

VerifiedTrustedCommunity

Drop a URL or pasted note into the LLM Wiki Inbox in AFFiNE

SKILL.mdUpdated May 15, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/nsimonfr/nic-os.git

# Copy into Claude Code skills folder (global)
cp -r nic-os/rpi5/openclaw/skills/ghostfolio ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

nsimonfr/nic-os

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT