Warren Buffet's Brain
v1.0.0
Point-in-time Buffett-style company analysis for stocks, Berkshire case studies, and BUY/PASS verdicts. Use when the user wants a Buffett/Graham underwriting...
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidence
Purpose & Capability
The repo, SKILL.md, and many markdown artifacts all describe a Buffett/Graham underwriting framework and cached company cards — and the included oracle.py + company_cards/ make that plausible. Minor mismatches: README and CLAUDE.md reference Claude Code and EDGAR web access while agents/openai.yaml also exists (two different runtimes hinted). SKILL.md declares no required env vars, yet the program expects to fetch filings from the web and to read/write local company_cards — network and filesystem access are implied but not declared as required environment items.
Instruction Scope
SKILL.md tightly scopes runtime behavior to reading bundled files, reusing cached company_cards, running the seven hard gates, and optionally saving cards/memos back to the repo. Those steps are coherent for the stated purpose. However the workflow explicitly instructs the agent/user to fetch SEC EDGAR filings when a card is absent and to write files when updating the repo; that implies network access and file-write operations. Also some docs (buffett_brain.md) include absolute local host paths (/Users/pineapple/...) which are incidental but unusual and should not be consulted on the host.
Install Mechanism
No install spec is provided (instruction-only packaging with an included python helper), so nothing is automatically downloaded or executed by an install step. That is lower risk than remote-download installers. Still, the included oracle.py is executable code bundled with the skill and could be run by the agent or user — review it before executing.
Credentials
The skill declares no required environment variables or credentials, which aligns with the repo's stated offline, point-in-time analysis philosophy. The repo nevertheless expects outbound web access to fetch public filings in some flows; the lack of credential requests is proportionate to the described functionality.
Persistence & Privilege
Flags show always:false and no automatic persistence. The SKILL.md instructs that if the repo is being updated the agent should save cards and append memos — that grants file write capability only if the agent/user runs these update steps. This behavior is plausible and scoped to the skill's purpose, but you should limit write permissions if you don't want the skill to modify files.
Assessment
This package appears to be a coherent Buffett-style research framework, but before installing or running it, do the following simple checks:
1) Inspect oracle.py (and any small scripts) for network calls, hardcoded endpoints, calls to subprocess/shell, or code that reads arbitrary filesystem paths. Search for 'requests', 'urllib', 'socket', 'subprocess', 'open(', and 'os.system'.
2) Open agents/openai.yaml and CLAUDE.md to verify they don't contain API keys or telemetry endpoints.
3) If you will allow the agent to fetch filings, be aware that this implies outbound network access — confirm which endpoints will be used and whether your environment policy allows that.
4) If you intend to let the skill update the repo, run it in a sandbox or give limited filesystem permissions (or require manual review of any saved changes).
5) The docs include absolute local paths (e.g., /Users/pineapple/...), which are benign artifacts but indicate developer-local references; they should not be trusted as runtime instructions to read other hosts.
If you are not comfortable inspecting the code yourself, ask the publisher for: (a) a brief code summary of oracle.py's external I/O, (b) whether any telemetry/analytics endpoints are contacted, and (c) an explicit list of network hosts the tool may access. If any of the above reveal unexpected endpoints, credential prompts, or aggressive shell execution, treat the package as suspicious and do not run it on sensitive hosts.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔮 Clawdis
buffet, finance, investing, latest, research, warren
Buffett Oracle is a research skill for deciding whether a company deserves a BUY or PASS under a strict Buffett + Graham underwriting framework.
Use this skill when the user wants:
- A Buffett-style memo on a public company, bank, utility, or crypto protocol
- A point-in-time re-underwriting of a Berkshire decision
- A moat explanation tied to hard numbers, not vibes
- A clean BUY/PASS verdict instead of a hedged summary
- A comparison against prior benchmark cases or same-era control groups
Read Order
Read only what you need:
- buffett-oracle.md: Use for the Buffett Oracle persona, output structure, and portable prompt wording.
- buffett_brain.md: Use for the Graham operating layer, 7 hard gates, named exemptions, and moat logic.
- coverage_scope.md: Read before making any claim about benchmark completion or historical coverage.
- company_cards/: Check first. If a matching card already exists, reuse it and do not re-fetch the filing.
- backtest_results.md and analysis_index.json: Use for benchmark precedents and indexed case linkage.
- universe_expansion.md and universe_expansion_index.json: Use for non-benchmark precedents without polluting the benchmark hit-rate.
- methodology_audit.md: Read when the user asks how reliable the framework is, or whether the score implies predictive power.
- gate_review.md: Read when the user asks why certain high-quality assets still fail the hard gates.
Non-Negotiables
- Use only information that was public on or before the decision date.
- Never describe the 29 benchmark rows as Buffett or Berkshire's full investment universe.
- Never re-fetch a company that already has a cached card in company_cards/.
- If any hard gate fails, default to PASS unless a named exemption clearly applies.
- Every BUY needs two same-era control groups.
- Lock the BUY/PASS conclusion before revealing what Buffett actually did.
- Treat this as a research framework, not personalized investment advice.
Workflow
- Classify the request as INVESTMENT, SPECULATION, or TOO_HARD. If it is SPECULATION or TOO_HARD, explain why and stop.
- Check company_cards/ for a cached <TICKER>_<YEAR>.json. Reuse the card if present. Only fetch a new filing when no card exists.
- Run the 7 hard gates from buffett_brain.md. Any failed gate means PASS, unless one of the named exemptions below is explicitly justified.
- Apply required overlays when triggered. If g2 fails but moat still matters, add an owner-earnings note. If g6 fails but moat still matters, add a quality-multiple note. For new live or expansion memos, include management_veto as clear, watch, or fail.
- Write the moat paragraph. If you cannot explain why competitors cannot replicate the business in 10 years, the answer is PASS.
- For every BUY, include the safety-margin math. State owner's earnings or normalized earnings, value range, required return, and implied discount.
- Pick two same-era control-group companies that Buffett did not buy. Run the same gate logic on them. If they also pass, explain the differentiator.
- Lock the verdict before reveal. Only after the verdict should you reveal Buffett's action, later outcome, and whether the framework agreed.
- If you are updating this repository, save the card, append the memo to the correct markdown archive, and update the matching index JSON.
Named Exemptions
- CRISIS_PREFERRED: For Goldman 2008 / BAC 2011 / GE 2008 style preferred-plus-warrant rescue structures.
- INFRA_EXEMPTION: For rail and utility monopolies when monopoly status is clear and EV/EBITDA < 15x.
- GROWTH_EXCEPTION: For high-ROIC compounders where weak raw FCF mostly reflects value-creating expansion rather than bad economics.
If you invoke an exemption, say so explicitly and defend it.
Output Contract
Use this summary block in the final answer:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CLASSIFICATION: [INVESTMENT / SPECULATION / TOO_HARD]
VERDICT: [BUY / PASS]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Hard Gates: [all passed / failed gates / exemption applied]
Named Exemption: [CRISIS_PREFERRED / INFRA_EXEMPTION / GROWTH_EXCEPTION / none]
Moat Type: [brand / network / switching cost / cost advantage / none]
Safety Margin: [owner's earnings, value range, required return, implied discount]
Key Conviction: [one sentence]
Key Risk: [one sentence]
Control Group: [Company A | Company B]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Then reveal:
- what Buffett or Berkshire actually did
- what happened afterward
- whether the framework and Buffett agreed
Data Guidance
- For US equities, prefer SEC EDGAR press-release or annual-report pages before full 10-K pulls.
- For non-US companies, use official annual reports or equivalent filings.
- For crypto or Web3, use on-chain and protocol-source documents, but keep the same anti-speculation bar.
- Post-decision facts belong only in the reveal section, never in the underwriting logic.
Scope Reminder
The audited benchmark is a curated 29-case set. It is evidence of archive coverage, not a promise of forward hit rate and not the full Berkshire history.
