ClawHub

Drawdown

v1.0.0

Drawdown analysis reference — maximum drawdown, peak-to-trough, recovery time, risk metrics. Use when evaluating portfolio risk, stress-testing strategies, o...

0· 91·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (drawdown analysis reference) match the code and SKILL.md: the skill provides documentation and examples for drawdown metrics and points to running scripts/script.sh subcommands to show content. There are no unexpected credentials, binaries, or platform requirements.
Instruction Scope
SKILL.md instructs the agent to run local commands (scripts/script.sh <command>) that correspond to the included script. The instructions only reference an optional DRAWDOWN_DIR config path and otherwise stay within the stated purpose (explanations, calculations, examples). There is no guidance to read arbitrary user files, search system state, or send data to external endpoints in the provided instructions.
Install Mechanism
No install spec is present (instruction-only + included script). Nothing is downloaded or extracted from external URLs and no package managers are invoked; risk from install mechanisms is minimal.
Credentials
The skill declares no required environment variables or credentials. SKILL.md documents a single optional DRAWDOWN_DIR for data storage, which is reasonable for a reference/example skill. The provided script content does not access environment secrets in the reviewed portion.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configuration in the provided files, and uses standard, local script execution. Autonomous invocation is allowed by platform default but is not unusual for this type of skill.
Assessment
This skill appears to be a local reference that prints drawdown analysis guidance and examples — nothing in the provided files indicates network calls, credential use, or reading unrelated files. Before installing: (1) review the entire scripts/script.sh to confirm there are no hidden network calls, file writes, or shell execs beyond printing text (the provided excerpt was truncated), (2) if you will run it in an environment with sensitive data, ensure it runs in a sandbox or with limited privileges, and (3) if you expect the skill to read/write data, confirm what DRAWDOWN_DIR will contain and where it will write. If you can provide the full script.sh file (no truncation), I can raise confidence to high after rechecking.

Like a lobster shell, security has layers — review code before you run it.

latestvk971wt7xz4vqg6076nhtth3t7d83bxcd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments