Skill v0.3.3

ClawScan security

Advanced Financial Ml · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 2:23 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's content matches a financial-ML/backtesting purpose, but there are internal inconsistencies (undeclared runtime requirements and enforcement instructions that trigger installs/filesystem changes) that the user should understand before installing or running it.
Guidance
This skill appears to be a genuine finance/backtesting guidance bundle, but it has small yet important inconsistencies you should address before running it. Watch for the following:

(1) SKILL.md claims Python 3.12+ and a 'uv' package manager, yet the registry lists no required binaries — ensure you run it inside a controlled Python 3.12+ virtual environment (venv/conda) before letting the agent execute commands.

(2) The instructions and seed.yaml expect to run python commands, possibly pip install zvt, and create/write under ~/.zvt (or ZVT_HOME). Do not allow the agent to run installs or filesystem writes without your explicit consent; review any pip install commands and the exact packages to be installed.

(3) The seed.yaml execution_protocol tells the agent to re-read the seed file and run preconditions on behavioral decisions — be aware this skill enforces its own runtime policy which may change agent behavior.

(4) If you intend to use real market data or live trading, audit the code and data sources carefully (this bundle focuses on backtesting and has many domain constraints you should follow to avoid look‑ahead bias and other pitfalls).

What would increase confidence: explicit declared runtime requirements in the registry (python binary, pip/uv), an install spec pointing to vetted release sources (no arbitrary URLs), and an explicit list of pip packages the skill will install so you can review them beforehand.

Review Dimensions

Purpose & Capability
note
Name, description and the large set of reference docs consistently describe an advanced financial-ML/backtesting toolkit (ZVT / MlFinLab style). That high-level purpose justifies precondition checks and backtest rules. However SKILL.md explicitly says 'Requires Python 3.12+ with uv package manager' while the registry metadata lists no required binaries or env vars — an inconsistency between claimed runtime needs and the declared requirements.
Instruction Scope
note
The runtime instructions and seed.yaml expect the agent to run environment checks and preconditions (python commands that import zvt, assert kdata availability, create ~/.zvt, and suggest pip installs). Those actions are related to the skill's backtesting purpose but they instruct the agent to run commands, install packages, and write to disk. The instructions also demand the agent re-read seed.yaml and honor its execution_protocol; this gives the skill broad runtime control over agent behavior (within the agent's normal execution capabilities).
Install Mechanism
note
No install spec or code files are present (instruction-only), which is low-risk. Nonetheless seed.yaml's execution_protocol refers to install_recipes and an install_trigger flow (verify package imports, run host_adapter.install_recipes[]) even though no install recipes are provided in the bundle and the registry lists no install steps — an internal mismatch that may confuse or lead to runtime attempts to pip-install packages.
Credentials
note
The skill declares no required env vars in the registry, but SKILL.md and references/LOCKS.md refer to environment items (ZVT_HOME) and expect writable data dirs. Preconditions include commands that read ZVT_HOME and attempt to create/write files under it. The requested environment access is plausible for a backtesting toolkit, but it was not declared up front in the registry metadata — a proportionality/documentation gap.
Persistence & Privilege
ok
The skill does not request always: true and does not claim system-wide privileges. It does instruct the agent to run preconditions and to re-read seed.yaml on behavioral decisions, which is an unusual enforcement of internal policy but not an OS-level persistence or cross-skill configuration change. This is noteworthy but not itself privileged.