Skill v1.0.3

ClawScan security

Tqsdk策略量化 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 6:47 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package is broadly what it claims (a TqSdk strategy library) but there are mismatches and risky gaps — notably missing declared credential requirements, a prompt-injection signal in SKILL.md, and multiple code quality/undefined-variable issues — so review and caution are advised before use (especially with real accounts).
Guidance
What to consider before installing/using this skill:
- Functionality: The bundle is indeed a large offline collection of TqSdk Python strategies — that's coherent with its description.
- Credentials: Several strategy files include TqAuth("YOUR_ACCOUNT","YOUR_PASSWORD"). If you plan to run strategies against a real broker, you will need to provide account credentials — the skill metadata does not declare or scope these, which is a red flag. Do NOT paste real credentials into example files; prefer running with TqSim (simulation) first.
- Prompt-injection: SKILL.md contained unicode-control characters flagged by a scanner. Inspect SKILL.md for hidden characters or unexpected instructions before trusting automated agents to follow it.
- Code quality: Many scripts are educational but some reference undefined variables (e.g., volume_long, volume_short, position) and have other rough edges. Expect to review and possibly fix code before running. Treat the repository as code samples, not production-ready bots.
- Safety steps before running:
  (1) Review all files locally;
  (2) Run only with a simulated account (TqSim) until you audit behavior;
  (3) Never supply real broker credentials to the skill/agent without manual verification of the exact code that will execute;
  (4) Add required environment variables explicitly and avoid leaving credentials in plaintext in files;
  (5) Remove or investigate any hidden/unicode-control characters in SKILL.md.
If you want, I can: (A) scan the repository for occurrences of TqAuth/TqAccount usage and list files that would require credentials; (B) point out specific files with undefined variables or logic bugs to fix before running in real trading.
Findings
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters pattern flagged by the scanner. This is not necessary for a strategy library and could be an attempt to influence automated evaluation or rendering — recommend opening SKILL.md in a safe text editor and removing/inspecting hidden characters before trusting it.

Review Dimensions

Purpose & Capability
[note] The name/description (TqSdk strategy library) matches the large set of included Python strategy files. However, the code assumes use of TqSdk auth (TqAuth) and real trading accounts (placeholders YOUR_ACCOUNT / YOUR_PASSWORD) even though metadata.requires.env lists no credentials; that mismatch should be clarified (if you plan to run strategies against a broker you will need credentials).
Instruction Scope
[concern] SKILL.md instructs the agent to read and explain strategy code (expected) and gives useful guidance, but the pre-scan flagged 'unicode-control-chars' in SKILL.md (a common prompt-injection vector). The instructions otherwise do not demand unrelated file reads or external exfiltration, but the injection signal means the SKILL.md should be reviewed carefully before trusting its runtime instructions.
Install Mechanism
[note] There is no install spec (instruction-only), which reduces install-time risk. README instructs installing tqsdk via pip (pip install tqsdk -U) — reasonable and expected. No downloads from arbitrary URLs are present.
Credentials
[concern] Many strategy files call TqAuth(...) and TqSim() and contain placeholders for account/password; yet the skill declares no required environment variables or primary credential. This omission is inconsistent: running for real will require broker credentials, but those are not declared nor scoped. Also several strategy files reference variables like volume_long, volume_short or position without defining them (code-quality bugs) — none of which justify requesting broad system credentials, but they increase the chance an operator will paste credentials into files or commands to 'make it work'.
Persistence & Privilege
[ok] Skill does not request elevated platform privileges; always=false and no special config paths. It is user-invocable and allows autonomous invocation (platform default) — no additional persistence or privileged modifications are requested by the package.