Investor Harness
v0.6.5Open prompt stack for public-market investment research. Show this menu after install: ๐ Research: 1.Company Deep-dive 2.Industry Map 3.Investment Thesis ๐...
โญ 0ยท 105ยท0 currentยท0 all-time
byfocusailab@joansongjr
MIT-0
Download zip
LicenseMIT-0 ยท Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (public-market research prompt stack) match the content: many specialized 'sm-*' modules, data-adapter rules, archival/checkpointing and evidence discipline. There are no unexpected environment variables, binaries, or external credentials required by default.
Instruction Scope
SKILL.md and core/* instruct the agent to read and create workspace files (.task-pulse, .checkpoint, coverage/INDEX.md, archives), enforce preflight/postamble steps, and auto-display a menu on many trigger phrases. These behaviors are coherent for a research harness but mean the agent will persist outputs and read local workspace state; the skill also suggests adding a user-level system prompt snippet (INSTALL-PROMPT) to enforce triggers, which is an explicit action the user must approve.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk โ nothing is downloaded or executed on install.
Credentials
Manifest declares no required env vars or credentials. The adapters mention optional external data sources (iFind MCP, cn-web-search, EDGAR) which may require credentials if the user chooses to integrate them โ but those are optional and appropriate for the stated purpose.
Persistence & Privilege
The harness intentionally persists state (checkpoints, task-pulse, output archive) and guides the agent to write files into the user's workspace. It does not set always:true or request system-wide privileges, but its recommended INSTALL-PROMPT encourages adding behavior into the system prompt, which grants persistent behavioral enforcement if the user pastes it into their environment. This persistence is coherent with the skill's goals but is a material privilege the user should be aware of.
Scan Findings in Context
[no_regex_findings] expected: Static regex scanner found nothing to analyze โ this is expected because the package is instruction-only (Markdown) with no executable code files.
Assessment
This skill appears internally consistent for structured investment research. Key points to consider before installing: 1) It will create/read files in your workspace (.task-pulse, .checkpoint, coverage/archive folders) โ ensure you are comfortable with those files being written and review their contents. 2) It suggests adding a snippet to your system prompt (INSTALL-PROMPT) to enforce automatic triggers โ do NOT paste or enable that without reading it; adding it changes agent behavior persistently. 3) External data sources (iFind, cn-web-search, SEC/EDGAR) are optional; only provide API keys/credentials if you trust and need those integrations. 4) If you want to avoid aggressive auto-invocation, skip adding the install/system-prompt piece and do not enable autopilot/autotriggering modes. 5) For team or compliant environments, review the compliance and archival behavior (the harness archives outputs) to ensure it meets your information-security and record-retention policies.Like a lobster shell, security has layers โ review code before you run it.
latestvk9725hqh7e2gvx4wqtqsyw61dd84eqc7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.