quant-trading-backtrader
v1.0.0Build, backtest, and optimize quantitative trading strategies in Python using Backtrader with support for indicators, risk management, and reporting.
⭐ 1· 864·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md, and the included example (sma_crossover.py) all align: they implement/backtest a simple SMA crossover using Backtrader, demonstrate stop-loss handling, generate synthetic CSV data, run a backtest, and delete the temp file. There are no requested env vars, binaries, or config paths that conflict with the trading/backtesting purpose.
Instruction Scope
Runtime instructions are narrowly scoped to installing Backtrader/matplotlib and using the provided templates/examples. The SKILL.md and example script only read/write a local temporary CSV, run backtests, and print logs. There are no instructions to read unrelated system files, access network endpoints, or exfiltrate data.
Install Mechanism
The skill is instruction-only (no install spec), which is low risk, but there's a package.json in the bundle listing Python packages (backtrader, matplotlib) as npm dependencies — an incoherence. This manifest is out of place (npm manifests normally list JS packages) and could indicate sloppy packaging or automated conversion; it does not itself install anything, but it is unexpected and should be verified.
Credentials
The skill requests no credentials or environment variables. The example script writes a temporary CSV (temp_data.csv) to the current directory and then removes it — file I/O is limited and proportional to its stated purpose. No sensitive environment access or unrelated credentials are requested.
Persistence & Privilege
The skill does not request persistent or elevated privileges. always is false, and there are no install hooks or configuration changes in the repository. The skill does not attempt to modify other skills or system-wide agent settings.
What to consider before installing
This package behaves like a simple Backtrader example and contains no obvious exfiltration or secret access, but proceed cautiously because the source is unknown and the bundle contains a suspicious npm-style package.json that lists Python packages (likely a packaging mistake). Before running: 1) Verify the publisher or obtain the SKILL from a trusted source. 2) Inspect code yourself (you already have examples/sma_crossover.py) and search for any network calls or subprocess execution. 3) Run in an isolated environment (virtualenv or VM) and avoid running pip install globally — malicious or typo-squatted PyPI packages are a general risk. 4) If you plan to install dependencies, pin known-good package versions from trusted indexes, and consider auditing the actual PyPI packages (or use a vetted wheel). If you need higher assurance, request the upstream source/repository or a maintained release rather than this anonymous bundle.Like a lobster shell, security has layers — review code before you run it.
latestvk9739s3e0nba90ebqcyt8r7hq9823m8j
License
MIT-0
Free to use, modify, and redistribute. No attribution required.