Vynn Backtester
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything using this configured key can run Vynn backtests under the user's account or quota.
The plugin uses a service API key to authenticate remote backtest requests. This is expected for the Vynn integration, but it is still credentialed access that can consume the user's Vynn quota.
self.api_key = os.getenv("VYNN_API_KEY", "") ... "X-API-Key": self.api_keyUse a Vynn-specific API key, keep it out of shared logs or prompts, and verify any VYNN_BASE_URL override before running the skill.
Proprietary strategy ideas, ticker lists, or lookback choices may leave the local environment and be processed by Vynn.
The skill discloses that backtest inputs are transmitted to an external provider. This is purpose-aligned, but users should notice the data flow.
Strategy descriptions and ticker lists are sent to the Vynn API for backtest execution
Only submit strategy details you are comfortable sharing with Vynn, and avoid including personal portfolio holdings or sensitive account information in strategy text.