双色球选号系统 v2
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may pull external Python packages into the user's environment.
The skill declares installation of third-party Python packages without version pinning; this is disclosed and plausibly related to updating historical data, but it introduces normal package-supply-chain exposure.
"python_packages": ["requests", "beautifulsoup4"] ... "command": ["pip3", "install", "-q", "requests", "beautifulsoup4"]
Install in a virtual environment where possible, pin or review dependency versions if reproducibility matters, and confirm the package install is acceptable before use.
Running the skill executes local Python code that can read the included data/config files and write generated result files.
The skill's normal workflow runs bundled Python scripts. This is disclosed and central to the skill's purpose, but it means code executes with the user's local permissions.
python3 scripts/update_ssq_history.py ... python3 scripts/generate_ssq.py ... python3 scripts/backtest_ssq.py
Run it from the intended skill directory, review configuration before use, and avoid granting unnecessary elevated permissions.