Skill v0.0.2

ClawScan security

BacktestBot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 22, 2026, 9:18 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (backtesting) matches the single API credential it requests, but the package lacks provenance (no source/homepage), omits endpoint/implementation details, and has a small inconsistency in declared vs. documented environment variables—so exercise caution before handing over an API key.
Guidance
This skill appears to do what it says (backtesting), but the package provides no source code, homepage, or endpoint documentation — so you cannot verify where your BACKTESTBOT_API_KEY or any strategy/data will be sent. Before installing or setting BACKTESTBOT_API_KEY: (1) prefer to obtain the key from a known/trustworthy provider and confirm the service's endpoint and privacy policy, (2) create a scoped or revocable API key with least privilege, (3) avoid using production accounts or real brokerage credentials for testing, (4) if you set BACKTESTBOT_DATA_DIR, point it to a controlled directory and confirm what is cached, and (5) be prepared to revoke the API key if you notice unexpected activity. If the publisher can supply a homepage, API docs, or contact info, re-evaluate once those are available.

Review Dimensions

Purpose & Capability
note · The name/description (backtesting + analytics) aligns with requesting an API key to a backtest service. Asking for a BACKTESTBOT_API_KEY is proportionate to that purpose. However, the registry entry lists no source, homepage, or implementation details, which means you cannot verify where your API key will be sent or how data will be handled.
Instruction Scope
concern · SKILL.md describes backtesting capabilities and references an optional BACKTESTBOT_DATA_DIR for caching, but it does not specify endpoints, request formats, or where network requests are sent. The SKILL.md documents BACKTESTBOT_DATA_DIR as an optional variable but that variable is not listed in the declared requires.env block—this mismatch is a minor inconsistency. Because the instructions lack explicit trustable endpoints or telemetry/privacy statements, it's unclear what data (strategy definitions, historical data, or results) will be transmitted off-host.
Install Mechanism
ok · This is an instruction-only skill with no install spec or code files, so nothing will be written to disk or downloaded during install. That lowers the attack surface relative to skills that fetch external binaries.
Credentials
note · Only a single required credential (BACKTESTBOT_API_KEY) is declared, which is proportionate for an external backtesting API. The optional BACKTESTBOT_DATA_DIR is mentioned but not declared in requires.env. There are no unrelated or extra credentials requested, but because the API key will be used to authenticate network calls to an unverified service, you should treat it as sensitive and only provide a key with limited scope.
Persistence & Privilege
ok · The skill does not request 'always: true' and is user-invocable only. It does not declare any system-wide configuration changes or elevated persistence. Autonomous invocation is allowed by default but is not combined here with other high-risk flags.