Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Hedge Fund
v1.2.0Run an AI-powered hedge fund simulation with 16+ legendary investor agents. Each agent analyzes stocks from their unique investment philosophy. Auto-detects...
⭐ 0· 103·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (AI-powered hedge fund simulation) aligns with the included code and instructions (runs a multi-agent analysis using an external repo). However there are mismatches: SKILL.md claims model autodetection checks $OPENCLAW_LLM_MODEL and a default fallback, but the provided run.py only reads /root/.openclaw/openclaw.json and will exit if that file is missing. Some runtime paths in SKILL.md (e.g., /data/workspace/skills/skills/...) don't match the repository layout, suggesting sloppy/inconsistent documentation.
Instruction Scope
SKILL.md tells the agent/user to git clone an external GitHub repository into /data/workspace and pip install it editable (pip install -e), then run the project's main script. Those steps will write third-party code to disk and run it. The run.py also reads /root/.openclaw/openclaw.json (host agent config) to detect the model, which goes beyond the skill's core task of stock analysis and accesses host configuration. The instructions also claim behavior (env var check and default model) that the code does not implement.
Install Mechanism
There is no registry install spec, but SKILL.md directs cloning from a public GitHub repo and performing pip install -e, which executes arbitrary setup/install hooks from upstream code. Installing unreviewed third-party code via pip from a repo is a moderate-to-high risk action and should be audited before running.
Credentials
The skill declares no required env vars, but run.py reads /root/.openclaw/openclaw.json to obtain the 'primary' model. Reading a root-level OpenClaw config is disproportionate because it may expose other agents' configuration (and potentially sensitive fields) beyond what's needed for a single simulation. SKILL.md's claim to also consult $OPENCLAW_LLM_MODEL is not reflected in the code, increasing confusion about what the skill will access.
Persistence & Privilege
The skill is not forced-always and does not request persistent platform privileges. It does, however, instruct cloning code into /data/workspace and pip installing it (local persistence of third-party code). The only direct sensitive host access is reading /root/.openclaw/openclaw.json; the skill does not modify other skills or global agent settings in the provided files.
What to consider before installing
This skill performs what it claims (multi-agent stock analysis) but has worrisome implementation details. Before using it: 1) Inspect the upstream repository (https://github.com/virattt/ai-hedge-fund) — review its setup.py/pyproject and src/main.py for network calls, secrets handling, or arbitrary shell execution. 2) Avoid blindly running the provided pip install -e; clone in an isolated environment or container and run there. 3) Prefer supplying --model manually instead of relying on the skill's autodetect (the code reads /root/.openclaw/openclaw.json which can expose host agent configuration). 4) If you must install, run tests and a static code audit on the repository first. 5) If you lack the ability to audit the upstream code, treat this skill as potentially risky and do not run it on systems that hold secrets or production credentials.Like a lobster shell, security has layers — review code before you run it.
ai-agentsvk97d93xnymr0tq4jre62dgqf0h84qsegfinancevk97d93xnymr0tq4jre62dgqf0h84qseghedge-fundvk97d93xnymr0tq4jre62dgqf0h84qseginvestingvk97d93xnymr0tq4jre62dgqf0h84qseglatestvk973p1rkjry1tk5vwsh8fc0xa984qf1atradingvk97d93xnymr0tq4jre62dgqf0h84qseg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.