Back to skill
Skillv1.0.0
ClawScan security
Quant Strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 6:54 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are consistent with a quant-strategy helper: it only contains guidance for producing Python backtest/ factor-analysis code and requests no installs, credentials, or file access.
- Guidance
- This skill appears coherent and instruction-only, so it doesn't demand credentials or install anything. Before using: (1) review any code the assistant generates before executing it (especially if it performs network I/O or system calls); (2) never paste API keys, broker credentials, or other secrets into chats — if you connect to data/broker APIs later, use secure credential storage; (3) be aware backtest results are not guarantees of live performance and validate strategies in a sandbox or paper-trading environment; (4) note the skill metadata restricts OS to win32, but since it's instruction-only that mostly affects any platform-specific advice the assistant might give.
Review Dimensions
- Purpose & Capability
- okName/description: 'Quant Strategy' — SKILL.md instructs the agent to help design factors, write Python strategies, process data, run/interpret backtests and suggest optimizations. There are no declared binaries, env vars, or config paths that would be unexpected for this purpose.
- Instruction Scope
- noteInstructions stay within the stated domain (strategy design, code examples, metrics). The skill does not instruct the agent to read local files, access system paths, or exfiltrate data. Note: the skill may sensibly recommend using market-data or broker APIs (which typically require credentials) but it does not request or handle any secrets itself.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This is low-risk because nothing is written to disk by the skill package itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That matches the instruction-only nature and the described functionality.
- Persistence & Privilege
- okalways:false and default invocation settings. The skill does not request permanent presence or modification of other skill/system configurations.