Strategy Workflow
WarnAudited by ClawScan on May 10, 2026.
Overview
The trading-backtest purpose is clear, but the skill instructs the agent to run persistent self-healing shell workflows and unreviewed helper scripts that can start, kill, and relaunch jobs without clear user approval.
Install or invoke this only if you intend to let an agent manage a backtesting workspace with shell access. Before running, inspect the referenced local scripts, use a sandbox or dedicated machine, set explicit paths and stop conditions, disable autonomous watchdogs unless needed, and do not provide root SSH access or broad filesystem access without confirming each action.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may keep pursuing the workflow and remediation steps even when the user expected a bounded task.
The skill attempts to set persistent goals and stopping behavior for the agent, which can conflict with a user's later intent to pause, stop, or limit the work.
This workflow is always-on and goal-locked. It must continuously push toward tradeable alpha and must not stop on single-point failures.
Require explicit user approval for long-running execution, define clear stop conditions, and treat the workflow's 'mandatory' autonomy as advisory rather than binding.
The agent could run shell commands, launch workloads, or take remediation actions without the user reviewing each step.
The skill gives broad local execution instructions and removes manual approval for actions that may affect processes, files, compute resources, or remote jobs.
If an action is executable locally by the swarm, execute immediately. Do not wait for manual direction.
Gate Bash, process control, remote execution, and file mutation behind explicit confirmations, especially for launches, relaunches, kills, and remote SSH actions.
If the user provides SSH access, the agent may operate with root privileges on a remote machine.
Remote root access is disclosed and aligned with cloud GPU backtesting, but it is privileged account access that users should handle carefully.
scp -P PORT workflow_files root@HOST:/root/WORKFLOW/ ... ssh -p PORT root@HOST "cd /root/WORKFLOW && python optimize_strategy.py ..."
Use least-privileged remote accounts where possible, confirm host and path values, and avoid giving the agent persistent root access unless necessary.
The actual behavior depends on local scripts outside the reviewed skill, so the agent could run code the user has not inspected in this review context.
The reviewed manifest contains only markdown files, but the skill tells the agent to execute helper scripts whose contents and provenance are not included for review.
bash scripts/start_swarm_watchdogs.sh ... scripts/backtest-optimize --parallel ... cd WORKFLOW && ./launch_parallel.sh
Review the referenced scripts before use, pin their source, and only run them from a trusted project directory.
Incorrect or poisoned state/log entries could influence future autonomous remediation or next-step decisions.
The workflow stores persistent state and failure memory that later control-plane logic treats as operational context, but the artifacts do not define validation, retention, or trust boundaries for that state.
Failure memory must be persistent and append-only via: docs/reference/FAILURE_POINTS_BACKTEST_OPTIMIZE.json, docs/reference/KNOWLEDGE_BASE_BACKTEST.md, <state_root>/workflow_events.log.
Keep state files scoped to a single run or trusted workspace, review them before reuse, and avoid treating stored workflow state as authoritative without validation.
A single misdetected failure could trigger repeated resource-consuming actions or interfere with other workloads.
Automatic remediation across workers, GPUs, logs, state files, and launchers can propagate a bad signal or faulty state into repeated relaunches or process changes.
On worker crash, stuck worker, stale progress, OOM, or failed GPU path: detect in the same control cycle, execute remediation immediately, and re-verify outcome.
Add bounded retries, cooldowns, user alerts, and manual approval for repeated or destructive remediation actions.
The agent may spawn or maintain background workflows that continue consuming resources or changing state until manually stopped.
The skill describes autonomous, persistent background behavior that can continue operating through watchdogs, relaunchers, and self-healing loops beyond a single user command.
All other corrective actions are autonomous and immediately executed.
Run only in an isolated environment, require explicit start/stop controls, and ensure all watchdog sessions and background processes are visible and easy to terminate.