Crypto Backtest
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: crypto-backtest Version: 1.0.0 The OpenClaw skill bundle provides a crypto backtesting engine. All files, including the `SKILL.md` instructions, are aligned with the stated purpose. The Python scripts (`backtest_engine.py`, `sweep.py`) use standard libraries like `ccxt` for data fetching and `argparse` for command-line arguments. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`, `eval` of untrusted input), persistence mechanisms, or prompt injection attempts against the AI agent. File I/O is limited to saving backtest results locally, which is an expected function. The code is straightforward and lacks obfuscation or suspicious dependencies.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these packages gives dependency code access inside the Python environment where the command is run.
The skill asks users to install unpinned third-party Python packages. This is expected for a ccxt-based market data tool, but users still rely on package registry provenance.
pip install ccxt numpy
Install in a virtual environment, verify package names, and consider pinning known-good versions before use.
The selected exchange may receive the requested symbol, timeframe, and network metadata such as IP address.
The engine contacts a user-selected ccxt exchange to fetch OHLCV market data. This is purpose-aligned and the visible code shows a read-only market-data call rather than trading actions.
exchange = exchange_class({"enableRateLimit": True, "options": {"defaultType": "swap"}})
candles = exchange.fetch_ohlcv(symbol, timeframe, limit=limit)Use trusted exchanges and avoid assuming the backtest is private from the market-data provider.