Skill v0.1.2

ClawScan security

A Stock Quant Lab · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 2:07 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill mostly matches its stated A‑share quant purpose, but there are mismatches (undeclared config/env access and an unexpected 'uv' binary requirement) that warrant caution before installation.
Guidance
This skill is largely what it says: an instruction-only A‑share quant lab built around zvt that will run Python commands, download data from external providers, and write to a local zvt data directory (~/.zvt). Before installing: (1) Verify the source — this skill has no homepage and an unknown owner. (2) Confirm whether you have or are willing to provide any required API tokens (joinquant, broker/qmt) and where they should be stored — the skill does not declare these env vars. (3) Investigate the declared required binary 'uv' (not typical for zvt) — ask the publisher what 'uv' is and why it's required. (4) Expect the skill to run pip installs and create/write files under ZVT_HOME (~/.zvt) — if you want to limit its reach run it in an isolated environment/virtualenv or sandbox. (5) If you will give the agent autonomous invocation rights and network access, be aware it could perform data downloads and write files without additional prompts; reduce privileges if you are uncomfortable. If the publisher can clarify the 'uv' requirement and supply a list of exact env vars/credentials and config paths the skill will use, that will resolve the main inconsistencies.

Review Dimensions

Purpose & Capability
note: Name and description match the instructions: this is an instruction-only wrapper around zvt for A‑share data collection, factor research and backtesting. Asking for python3 is coherent. However, the declared required binary 'uv' is unusual for a Python-only zvt workflow and is not explained in SKILL.md, which is disproportionate/unexpected.
Instruction Scope
concern: SKILL.md instructs the agent to run Python commands (pip install zvt, zvt.recorders, zvt.init_dirs), read/write the ZVT home (~/.zvt) and perform network calls to multiple external data providers (eastmoney, joinquant, baostock, akshare). The skill metadata claims no required config paths or env vars, yet runtime preconditions explicitly reference ZVT_HOME and attempt to write to the user's home directory; the instructions therefore access filesystem state and environment variables not declared in the registry metadata.
Install Mechanism
note: No install spec (instruction-only), which is low risk by itself. The SKILL.md still expects the environment to allow pip installs (e.g., 'pip install zvt') and to run arbitrary Python code. There is no remote download or hidden installer, but the skill will instruct the agent to fetch packages and network data at runtime.
Credentials
concern: The skill declares no required environment variables, yet it expects network access to third‑party providers; some providers (joinquant, qmt broker) commonly require API keys/accounts, but no credentials or tokens are declared. The primary credential is listed as 'python', which is not a secret and not a real credential. The missing declaration of expected secrets/config (e.g., JOINQUANT_TOKEN, QMT credentials, or the ZVT_HOME path) is an incoherence.
Persistence & Privilege
note: always:false and model invocation allowed (platform default). The instructions will create and write to a local zvt home directory (~/.zvt) and may persist downloaded data; writing to the user's data directory is expected for this purpose, but the registry metadata did not declare required config paths, which is a discrepancy to review.