Crypto Backtest

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be a coherent crypto market backtesting tool, with expected network data fetching and local result output but no evidence of credential use, live trading, exfiltration, or persistence.

This looks safe to use for local backtesting if you are comfortable installing the Python dependencies and making market-data requests to an exchange. Run it in a virtual environment, verify dependency sources, and remember that the results are simulations rather than trading guarantees.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing these packages gives dependency code access inside the Python environment where the command is run.

Why it was flagged

The skill asks users to install unpinned third-party Python packages. This is expected for a ccxt-based market data tool, but users still rely on package registry provenance.

Skill content

pip install ccxt numpy

Recommendation

Install in a virtual environment, verify package names, and consider pinning known-good versions before use.

What this means

The selected exchange may receive the requested symbol, timeframe, and network metadata such as IP address.

Why it was flagged

The engine contacts a user-selected ccxt exchange to fetch OHLCV market data. This is purpose-aligned and the visible code shows a read-only market-data call rather than trading actions.

Skill content

exchange = exchange_class({"enableRateLimit": True, "options": {"defaultType": "swap"}})
candles = exchange.fetch_ohlcv(symbol, timeframe, limit=limit)

Recommendation

Use trusted exchanges and avoid assuming the backtest is private from the market-data provider.