ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Einstein Research Suite

v1.0.0

A complete quantitative market research toolkit for serious traders and investors. Includes 11 specialized skills covering backtesting, breadth analysis, bub...

0· 49·0 current·0 all-time
byRunByDaVinci@clawdiri-ai·duplicate of @clawdiri-ai/einstein-research
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The named capabilities (backtesting, options Greeks, VaR, regime detection, etc.) are plausible for a quantitative research pack. However, the README lists Python 3.8+ and specific libraries (yfinance, pandas, numpy, scipy) while the SKILL.md and registry metadata do not declare those dependencies or provide an install mechanism—an inconsistency between claimed capabilities and the manifest.
Instruction Scope
SKILL.md is an instruction-only pack manifest: it documents included subskills and gives clawhub install commands. It does not ask the agent to read unrelated files or exfiltrate data. However, installing the listed subskills (via clawhub) is required for functionality, and those subskills are not included in this package for review—so the effective runtime instructions and behaviors depend on remote packages you haven't inspected.
Install Mechanism
There is no install spec in this package (lowest local risk). The quick-start relies on clawhub install to fetch eleven subskills; those install-time actions are outside this manifest and could pull arbitrary code/dependencies. The absence of a declared, reproducible install or source/homepage reduces transparency and increases install-time risk.
Credentials
The pack requests no environment variables, credentials, or config paths in the registry metadata (proportionate). But the README states Python and several libraries are required and that some skills use external CSVs. The lack of explicit dependency declarations (requirements file, constraints, or pip/venv instructions) is a missing justification for runtime needs.
Persistence & Privilege
The package does not request always-on inclusion and allows normal model invocation. It does not claim to modify other skills or system-wide settings in the provided manifest.
What to consider before installing
Before installing: (1) Ask the publisher for source repository links or a homepage and for the SKILL.md / code of each included subskill so you can review what clawhub will fetch. (2) Request a concrete install/manage plan: a requirements.txt or pyproject with pinned versions, and any install scripts that clawhub will run. (3) Prefer installing in an isolated environment (VM/container) to limit blast radius. (4) Inspect each included subskill for network calls, credential access, or hidden endpoints before giving access to sensitive data. (5) If you cannot obtain or review the subskills' code and provenance, treat the bundle as higher-risk and avoid installing it into production or on accounts with sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

financevk9707f7gk5wv8010tj6g5mwz6s83p4t2latestvk9707f7gk5wv8010tj6g5mwz6s83p4t2quantvk9707f7gk5wv8010tj6g5mwz6s83p4t2researchvk9707f7gk5wv8010tj6g5mwz6s83p4t2tradingvk9707f7gk5wv8010tj6g5mwz6s83p4t2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments