AI Risk Assessment
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned and non-malicious, with only user-noticeable issues around unpinned dependencies, external market-data access, and an advertised stress-test capability that is not implemented.
This skill looks safe to review/install for calculation purposes, but use a virtual environment, consider pinning dependencies, remember that market data comes from an external provider, and verify the outputs yourself before making financial decisions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependencies will bring third-party package code into the user's Python environment.
The skill asks users to install third-party Python packages without version pins. This is expected for the market-data and numerical-calculation purpose, but package versions and provenance are left to the package index.
pip install akshare pandas numpy scipy
Install in a virtual environment and consider pinning or reviewing dependency versions before use.
The stock symbols queried may be sent to or resolved through the external market-data provider, and results depend on that provider's data quality.
The VaR calculation retrieves market data through AkShare using the supplied stock code. This is purpose-aligned, but it is an external data-provider call.
df = ak.stock_zh_a_hist(symbol=code, period="daily", adjust="qfq")
Use only symbols you are comfortable querying externally and independently verify important financial results.
Users may expect stress-testing functionality that is unavailable or may fail if called.
The manifest exports a `stress_test` function, and SKILL.md advertises stress testing, but the provided source does not implement a `stress_test` function. This is a capability mismatch rather than evidence of malicious behavior.
"exports": ["calculate_var", "stress_test", "position_suggestion"]
Verify the implemented functions before relying on the skill, especially for investment or risk-management decisions.