ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Microsoft Qlib

v1.0.0

Microsoft Qlib - AI-oriented Quantitative Investment Platform. Use when: (1) stock/financial data analysis, (2) quantitative trading strategy development, (3...

0· 40·0 current·0 all-time
by@sawyerieong-cpuai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is coherent with a Qlib integration: it only requires Python and shows typical qlib usage (pip install qlib, qlib.init(), data fetching, backtesting). However, the registry lists the skill source as 'unknown' and provides no homepage while the SKILL.md claims Microsoft Qlib — this provenance mismatch could indicate impersonation or an untrusted publisher.
Instruction Scope
SKILL.md instructions are scoped to installing qlib and using its API (init, data access, backtest, model training). It does not instruct reading unrelated files, harvesting env vars, or sending data to unexpected endpoints.
Install Mechanism
Installation is via pip install qlib (declared in SKILL.md metadata). Pip installation from PyPI is expected for this package but carries the usual risk of executing third-party code. Also note a minor inconsistency: registry metadata said 'No install spec' while SKILL.md contains an openclaw.install entry — this mismatch should be reconciled.
Credentials
No environment variables or credentials are requested by the skill. This is proportionate for an instruction-only qlib integration. Be aware that some data sources used with qlib may require separate API keys which are not requested here.
Persistence & Privilege
The skill is not force-enabled (always:false) and is user-invocable. It does not request elevated platform privileges or persistent presence.
What to consider before installing
This SKILL appears to be a plain Qlib usage guide and pip-based install, which is coherent with its description — but two things to check before installing: (1) provenance: the registry entry has no source/homepage while the skill claims 'Microsoft Qlib' — confirm the publisher is trustworthy and that you are installing the official qlib package (compare with the official GitHub and PyPI entries). (2) pip risk: pip install will download and run code from PyPI; install into an isolated virtualenv or container and review the package/version. Finally, be aware that real data access may require separate data-provider API keys or configurations handled outside this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9775tyxx99hbsw6nmjxx4y8hs8422wf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
Binspython

Comments