Numerai Tournament
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent with Numerai participation, but it gives an agent financially consequential account access and autonomous submission authority without clear approval limits.
Only install or use this skill if you are comfortable delegating Numerai account actions to an agent. Use a limited API key if Numerai supports it, keep the secret key protected, run dependencies in an isolated environment, and require manual approval before any prediction submission or staking-related action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit tournament predictions that affect the user's Numerai account and staked NMR without the user reviewing each action.
The artifact explicitly combines autonomous operation with submissions that can affect cryptocurrency outcomes, but it does not show a clear approval gate or user-defined limits before submission.
Participate autonomously ... Download data, train a model, submit predictions each round ... earn (or lose) NMR cryptocurrency
Require explicit user confirmation before every submission and define limits such as which model to use, when to submit, and whether any staking or account changes are allowed.
Anyone running the skill with those credentials is delegating meaningful Numerai account authority to the agent.
The skill requires Numerai account credentials for an autonomous finance/crypto workflow; the artifacts do not clearly constrain the credential scope or permitted account actions.
Required env vars: NUMERAI_PUBLIC_ID, NUMERAI_SECRET_KEY; Primary credential: NUMERAI_SECRET_KEY
Use the least-privileged API key available, revoke/rotate it if unsure, and only run the skill with explicit instructions that forbid staking or account changes unless separately approved.
The installed packages and their transitive dependencies will run locally and could change over time.
The setup installs Python dependencies from package repositories without version pins. This is expected for a Python ML skill, but it leaves dependency provenance and reproducibility to the user.
pip install numerapi lightgbm pandas numpy cloudpickle scikit-learn
Install in a virtual environment, prefer pinned versions or a reviewed requirements file, and avoid running the workflow on a machine with unrelated sensitive data.