worldquant-miner-cn
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is a finance-account automation guide that asks for WorldQuant credentials and can run persistent Docker services that submit alphas, but the runnable components are missing from the reviewed package.
Treat this as a review-required skill. Before using it, inspect the original source, Docker Compose files, Dockerfiles, and Python code; avoid storing real passwords in plaintext; and ensure submissions require your explicit approval.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or following the instructions could give the automation access to the user's WorldQuant account.
The skill asks the user to place WorldQuant account credentials, including a password, into a local plaintext file. This is central to the tool, but the registry declares no primary credential or required environment variable, so the credential boundary is under-disclosed.
echo '["your.email@worldquant.com", "your_password"]' > credential.txt
Use only a credential storage method you trust, avoid plaintext passwords where possible, and confirm the skill metadata clearly declares required credentials before use.
The automation may submit alphas through the user's WorldQuant account, potentially consuming limits or affecting account activity without a clear confirmation step.
The skill advertises automated submission to WorldQuant, a third-party account action. The artifacts mention daily limits and filtering, but do not clearly require user confirmation for each submission or describe reversal/containment controls.
📤 **智能提交** - 每日限制,自动过滤
Require explicit user approval before each submission and document exactly what account actions are performed.
A user may need to obtain and run external or missing code that was not reviewed here, while also providing account credentials.
The skill instructs users to run Docker Compose deployment files, but the reviewed manifest contains only README.md, SKILL.md, package.json, and references/README_en.md. The compose files and Python implementation are not present, creating an unreviewed-code/provenance gap for a credentialed finance automation system.
docker-compose -f docker-compose.gpu.yml up -d
Review the actual Docker Compose files, Dockerfiles, Python code, and dependency locks from a trusted source before running anything.
The system could keep generating, testing, and potentially submitting alphas in the background until explicitly stopped.
The reference documentation describes persistent autonomous operation. Combined with WorldQuant credential use and submission features, this means the system may continue acting after initial setup.
🤖 **Fully automated** 24/7 operation
Run only with clear start/stop controls, monitoring, and submission approval settings; do not leave it unattended with production credentials.