Finrobot Multi Agent

Advisory

Audited by VirusTotal on Apr 23, 2026.

Overview

Type: OpenClaw Skill
Name: finrobot-multi-agent
Version: 0.3.3

The bundle is a comprehensive financial analysis platform (finrobot-multi-agent) that coordinates multiple AI agents for equity research, market forecasting, and backtesting. It includes extensive domain-specific constraints and 'semantic locks' in seed.yaml and SKILL.md to prevent common quantitative errors such as look-ahead bias and SEC rate limit violations. While it contains a cryptographic vulnerability (unsalted SHA-256 hashing, noted in finance-C-029/BD-029), its behavior is strictly aligned with its stated purpose and shows no evidence of intentional malice, data exfiltration, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with a real broker integration, the agent could generate or run workflows that affect actual positions or cash balances.

Why it was flagged

The skill moves beyond analysis/backtesting into broker and order-execution language. The artifacts do not clearly require a separate confirmation, dry-run mode, or scope boundary before any live trading action.

Skill content

`data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization`; `qmt (broker)?`; `SL-01` Execute sell orders before buy orders in every trading cycle

Recommendation

Treat all trading workflows as simulation-only unless you explicitly intend live trading; require a separate confirmation before any broker login, order placement, or account-changing action.

What this means

You may be asked to provide API keys or broker/account credentials without a clear statement of required scopes, storage, or whether read-only access is sufficient.

Why it was flagged

The registry declares no credential contract, but capability signals indicate OAuth or sensitive credentials may be needed. Combined with financial data and broker-provider references, the credential scope is under-specified.

Skill content

Required env vars: none; Env var declarations: none; Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials

Recommendation

Use read-only or least-privilege API keys where possible, avoid providing broker trading credentials unless explicitly needed, and confirm how credentials will be stored and used.

What this means

Running the suggested setup can install packages and create or modify local financial-data directories.

Why it was flagged

The skill documents local Python commands and package installation as setup/precondition steps. These are user-directed and related to the stated ZVT/backtesting purpose, but they still modify the local environment.

Skill content

`PC-01`: ... on_fail: Run: `python3 -m pip install zvt` then re-run: `python3 -m zvt.init_dirs` ... `PC-04`: ... `chmod u+w ~/.zvt`

Recommendation

Run setup commands yourself in a virtual environment, inspect packages before installing, and avoid broad permission changes unless necessary.

What this means

Financial reports, filings, or user-provided documents could be indexed or reused in later analysis if the implementation persists them.

Why it was flagged

The component map includes retrieval and vector-store capabilities, which are expected for financial document analysis but may persist or reuse indexed document content.

Skill content

`RetrieveUserProxyAgent.retrieve` ... `vector_store`

Recommendation

Avoid indexing private documents unless you understand where the vector store is kept, how it can be cleared, and whether it is shared across tasks.

What this means

Important behavior may be controlled by reference material beyond the short SKILL.md summary.

Why it was flagged

The skill delegates important behavior to a large authoritative seed file. This is disclosed, but because the source is unknown and the skill may guide financial/trading workflows, users should inspect the full authoritative file before relying on it.

Skill content

authoritative_artifact: primary: seed.yaml ... On any behavioral decision ... agents MUST re-read seed.yaml. Derivatives are for UI display only

Recommendation

Review the full seed.yaml and reference files, especially before using the skill for trading, credentials, or generated code execution.