AI Model Team

Audited by ClawScan on May 10, 2026.

Overview

This looks like a trading prediction tool, but the artifacts also show trade-execution and sensitive-credential capabilities that are not clearly declared or scoped.

Review this carefully before installing. Use it in analysis-only mode unless you deliberately want trading execution, keep any exchange API keys read-only, do not grant withdrawal permissions, and avoid the documented patched/local install path unless you can verify the exact source being installed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these modules are invoked with exchange credentials, the skill could affect real trading activity rather than only producing analysis.

Why it was flagged

The changelog describes order-execution functionality, including order type selection, large-order splitting, and execution retry, while SKILL.md presents the skill mainly as a prediction system.

Skill content
execution.py - Intelligent order execution
  - Order type selection (limit/market/post_only)
  - Large-order splitting optimization
  - Slippage estimation
  - Execution retry

Recommendation

Treat this as a trading-capable skill, not just a predictor. Require explicit per-order user confirmation, document execution mode separately, and use read-only credentials unless the user intentionally enables trading.

What this means

Users may not know whether API keys, trading permissions, or account credentials are needed, or how narrowly those credentials should be scoped.

Why it was flagged

The declared credential contract says no credentials are needed, but the capability signal indicates sensitive credentials are required, creating ambiguity about what account access the skill expects.

Skill content
Required env vars: none; Primary credential: none; Capability signals: requires-sensitive-credentials

Recommendation

Declare every credential and required scope explicitly. Separate read-only market-data credentials from trading credentials, and disallow withdrawal permissions by default.

What this means

Installing the skill as documented could load code whose exact contents and provenance are outside the reviewed artifact set.

Why it was flagged

The README instructs users to rely on local patched source and a /tmp fallback, and references an install script not present in the provided manifest, so part of the runnable install path is not reviewable from the artifacts.

Skill content
This skill does not support direct installation via `pip install -r requirements.txt` ... it requires the `.venv` virtual environment bundled with the skill ... cp -r /tmp/timesfm-repo/src/timesfm .venv/src/ ... ./scripts/install.sh

Recommendation

Package the patched TimesFM source in the skill or use pinned, hash-verified dependencies. Include any referenced install scripts in the manifest or remove those instructions.

What this means

If configured, alerts or telemetry may leave the local environment and be sent to the webhook target.

Why it was flagged

The configuration supports sending alerts to an external webhook if the user sets one; masking is enabled by default, but the outbound data boundary is not described in SKILL.md.

Skill content
ALERT_WEBHOOK: str = os.getenv("ALERT_WEBHOOK", "")
MASK_SENSITIVE_LOGS: bool = os.getenv("MASK_SENSITIVE_LOGS", "true").lower() == "true"

Recommendation

Leave ALERT_WEBHOOK unset unless needed, verify the webhook destination, and confirm logs do not include account identifiers, API responses, or trading details.