Quant Orchestrator

Multi-Agent AI Quant System with multi-coin prediction, strategy templates, and automated backtesting

This skill contains plausible quant code but also several red flags you should resolve before installing or using it with real data or funds: 1) billing.py embeds a hardcoded API key and calls a third‑party billing API — ask the author why a secret is in the repository and request that billing keys be provided via environment variables or handled by the platform (and rotate the embedded key immediately). 2) The SKILL.md and registry declare no credentials or dependencies, yet the code uses requests, numpy, and lightgbm and will make outbound network calls to api.hyperliquid.xyz and skillpay.me — verify these endpoints are expected and safe. 3) Several files hardcode a local model path (/Users/a/...), so running CLI entrypoints might read local files — run the skill in a sandbox and inspect what files it opens. 4) Ask the publisher for provenance (homepage, source repo, author identity) and why billing is implemented inline. 5) If you test it, do so in an isolated environment with no access to your production secrets or wallets, and monitor outbound network traffic. If the author cannot justify the embedded billing key or the undeclared dependencies/endpoints, do not install or run the skill.

Type: OpenClaw Skill Name: quant-orchestrator Version: 1.1.0 The skill bundle contains a hardcoded API secret key in 'billing.py' and hardcoded absolute local file paths (e.g., '/Users/a/.openclaw/...') in 'skill_v2.py' and 'skill_with_billing.py', which will cause execution failures and represent poor security hygiene. There is also a discrepancy between the documented pricing in 'SKILL.md' (0.1 USDC) and the code implementation (0.0001 USDC) in 'billing.py'. While the core logic aligns with the stated purpose of quantitative trading, the inclusion of a custom billing SDK pointing to 'https://skillpay.me' and leaked credentials makes the bundle high-risk for production use.