Oathe Security Badge

Is 77Spongebob/quant safe?

https://clawhub.ai/77Spongebob/quant

89
SAFE

This quantitative investment assistant skill appears to be a legitimate financial analysis tool with well-structured Python code for data fetching and quantitative analysis. While it contains some directive language and executable code, no malicious behavior was detected during installation or analysis.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Directive agent instructions -15

The skill's SKILL.md contains instructions that direct the agent to immediately create specific files and respond in particular ways, which could influence agent behavior beyond normal skill functionality.

INFO Executable Python code present -20

The skill contains Python modules with executable code for quantitative finance operations. While the code appears legitimate and domain-appropriate, it could potentially be executed if imported by an agent.

INFO Non-English primary language -15

The skill is primarily written in Chinese, which may limit the ability of some users to fully audit its functionality and intentions.