Vynn Backtester
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: vynn-backtester Version: 1.0.0 The OpenClaw skill 'vynn-backtester' is a legitimate client for the Vynn backtesting service. It clearly documents its purpose, required environment variables (`VYNN_API_KEY`), and external network interactions with `https://the-vynn.com` for backtesting and signup. The `plugin.py` code correctly handles API key authentication and sends only strategy descriptions and ticker lists, without attempting to exfiltrate sensitive data or execute arbitrary commands locally. The `SKILL.md` contains no prompt injection attempts against the agent; all instructions and examples are for legitimate usage.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything using this configured key can run Vynn backtests under the user's account or quota.
The plugin uses a service API key to authenticate remote backtest requests. This is expected for the Vynn integration, but it is still credentialed access that can consume the user's Vynn quota.
self.api_key = os.getenv("VYNN_API_KEY", "") ... "X-API-Key": self.api_keyUse a Vynn-specific API key, keep it out of shared logs or prompts, and verify any VYNN_BASE_URL override before running the skill.
Proprietary strategy ideas, ticker lists, or lookback choices may leave the local environment and be processed by Vynn.
The skill discloses that backtest inputs are transmitted to an external provider. This is purpose-aligned, but users should notice the data flow.
Strategy descriptions and ticker lists are sent to the Vynn API for backtest execution
Only submit strategy details you are comfortable sharing with Vynn, and avoid including personal portfolio holdings or sensitive account information in strategy text.