Skill v0.1.1
ClawScan security
X2strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 5:47 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions largely match the claimed paper→spec→code→backtest functionality, but there are notable coherence issues (metadata doesn't declare required LLM keys), it persists LLM API keys to disk, and it executes generated/backtest code — so review and sandboxing are recommended before use.
- Guidance
- What to check before installing or running this skill:
  - Source verification: confirm the repository origin and maintainers (the skill metadata shows 'source: unknown' and README references multiple GitHub org/user names). Only install from a trusted, verifiable repo.
  - Secrets handling: the skill will ask for an LLM API key and write it into a local .env (gitignored). Prefer using a limited-scope or ephemeral API key, and store it in a secure secret store rather than a plaintext file where possible.
  - Sandbox execution: the skill generates Python strategy code and runs backtests as subprocesses. Run it in an isolated environment (container / VM / dedicated venv) with no access to production data or credentials.
  - Inspect code that executes subprocesses: review scripts/ (analyze.py, validate_strategy.py, backtest execution paths) to ensure no unexpected network or shell commands are executed beyond intended backtests and downloads (data pulls like yfinance/akshare/benchmarks are expected for this domain).
  - Dependency footprint: the agent may install heavy packages (FAISS, sentence-transformers). Be prepared for large downloads and resource usage; only enable the 'agent' extras if you need long-paper FAISS retrieval.
  - Metadata mismatch: registry lists no required env vars but SKILL.md requires LLM keys — treat the registry fields as incomplete. Ask the maintainer (or verify repo) for an authoritative requirements list and changelog.

  If you want higher confidence: obtain the source repo URL and a commit/tag to verify, have the skill run in an isolated environment first, and/or request the maintainer to update registry metadata to list required env vars and install steps. If you lack the ability to sandbox, avoid supplying high-privilege or long-lived keys.
Review Dimensions
- Purpose & Capability
- note: The repository contains a full paper2spec + spec2code pipeline (parsers, extractor, codegen, validator, backtester) which is coherent with the skill description. However, the registry metadata claims no required environment variables or binaries while SKILL.md and README explicitly require an LLM API key (DEEPSEEK/OPENROUTER/OPENAI), a Python environment, and optional heavy extras (FAISS, sentence-transformers, backtrader, yfinance, akshare). That mismatch between declared requirements and the runtime instructions is an inconsistency to be aware of.
- Instruction Scope
- concern: Runtime instructions ask the agent to: 1) prompt the user for an LLM API key if not found, 2) persist configuration and the key to a local .env (gitignored), 3) run parsing/extraction/codegen/validation/backtests (including subprocess execution of generated strategy code), and 4) auto-activate for finance papers. The pipeline will execute generated Python/backtest code as subprocesses and will scan directories for metadata. Executing generated code and storing API keys are higher-risk behaviors and should be done in an isolated environment.
- Install Mechanism
- note: No formal install spec in registry, but README/SKILL.md instructs users to run 'uv sync' or 'pip install -e "[...]
- Credentials
- concern: The skill needs an LLM API key to function (expected for LLM-driven extraction). However, the registry declared zero required env vars while SKILL.md instructs checking for and writing DEEPSEEK_API_KEY, OPENROUTER_API_KEY or OPENAI_API_KEY into a local .env. Persisting API keys to disk (even if .env is gitignored) increases the risk of secrets at rest. The requested env access is otherwise proportional (no unrelated cloud credentials requested), but the omission from the metadata is a red flag.
- Persistence & Privilege
- note: The skill is not marked 'always:true' and uses normal autonomous invocation. It does persist configuration (workspace path, selected model/provider and API key) to a .env file in the skill workspace and scans the chosen library directory for metadata.json. Persisting settings and keys is expected for tooling but increases the attack surface (secrets on disk). Also, SKILL.md recommends the agent auto-activates on any finance paper input — a broad trigger that could cause the skill to run without an explicit 'implement' request.
