ClawHub

AI Hedge Fund

Security checks across malware telemetry and agentic risk

Overview

This skill is generally coherent for running a stock-analysis simulation, but users should notice that it depends on installing and running an unpinned external GitHub project and reads the local OpenClaw model configuration.

Before installing, review the external GitHub project or pin it to a trusted commit, preferably install it in a virtual environment, and remember that the output is a simulation/analysis aid rather than guaranteed investment advice.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running setup may install code from a changing third-party repository into the local Python environment.

Why it was flagged

The skill relies on cloning and installing an external repository without a pinned commit or reviewed source in the provided artifacts. This is central to the skill's purpose and user-directed, but it means the installed code may change over time.

Skill content
git clone https://github.com/virattt/ai-hedge-fund /data/workspace/ai-hedge-fund
pip install -e /data/workspace/ai-hedge-fund --break-system-packages --quiet
Recommendation

Review or pin the GitHub repository before installing, and prefer an isolated virtual environment instead of --break-system-packages.

#
ASI03: Identity and Privilege Abuse
Low
What this means

The skill can inspect local OpenClaw configuration when auto-detecting the model.

Why it was flagged

The wrapper reads the local OpenClaw configuration to detect the active model. The code appears to extract only the model name and does not show credential logging or transmission, but this local config access is not reflected in the registry's required config paths.

Skill content
cfg_path = "/root/.openclaw/openclaw.json"
...
cfg = json.load(open(cfg_path))
...
primary = agents.get("main", {}).get("model", {}).get("primary")
Recommendation

Use the --model flag if you do not want the skill to read OpenClaw config, and keep sensitive credentials out of broadly readable config files.

#
ASI05: Unexpected Code Execution
Low
What this means

Invoking the skill runs the separately installed hedge-fund project code.

Why it was flagged

The wrapper runs the external project's main.py with user-provided analysis options. This is expected for the skill's purpose and uses a subprocess argument list rather than a shell string, but it still executes code outside the provided skill files.

Skill content
cmd = [
        "python3", "/data/workspace/ai-hedge-fund/src/main.py",
        "--tickers", args.tickers,
...
result = subprocess.run(cmd)
Recommendation

Install from a trusted, reviewed version of the external project and avoid running it with unnecessary privileges.