Skill v0.1.0
VirusTotal security
Backtest Engine - Run Backtests · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Mar 22, 2026, 10:06 AM
- Hash: 18385cc143b93dccd9723ca8ff1a65801106e801a12f046a9bfe77d3115b5ac2
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: einstein-research-backtest-engine-dv
  - Version: 0.1.0
  - The skill bundle contains a significant security vulnerability in `scripts/backtest_engine.py`, where the `load_custom_strategy` function uses `importlib.util` to dynamically load and execute arbitrary Python code from a file path provided via the `--strategy-file` CLI argument. This pattern allows for Remote Code Execution (RCE) if an attacker can influence the file system or the arguments passed to the script. Additionally, there is a discrepancy between `SKILL.md`, which describes a YAML-based configuration, and the Python implementation, which lacks YAML parsing logic and expects a Python file for custom strategies.
