Skill v0.3.3
ClawScan security
Bt Portfolio Backtest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 2:24 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to be a 'bt' backtest helper but its instructions and embedded artifacts reference a different stack (ZVT/blueprint), undeclared environment variables, and runtime checks that contradict the declared footprint — the pieces don't fully line up.
- Guidance: This skill is internally inconsistent: it advertises 'bt' usage but its instructions and included artifacts are heavily ZVT/blueprint-centric and expect the agent to check/install zvt and manipulate ~/.zvt. Before installing or invoking it, ask the maintainer to clarify: (1) which framework is actually required (bt or zvt) and provide an explicit install spec; (2) list all required binaries and environment variables (e.g., ZVT_HOME) and any credential needs; (3) confirm whether the skill will run pip installs or write to your home directory. If you proceed, run it in a sandboxed environment, do not supply sensitive credentials, and review any pip install commands and scripts the agent would execute. If you cannot get clarification, treat the skill as untrusted and avoid running its automated precondition/install steps on your main system.
Review Dimensions
- Purpose & Capability (concern): Name/description advertise building/backtesting with the 'bt' framework, but SKILL.md, seed.yaml, and many reference files repeatedly mention ZVT, zvt-related preconditions, and a finance blueprint (finance-bp-125). The metadata also requires 'Python 3.12+ with uv package manager' even though the registry entry declares no required binaries or env vars. This mismatch (bt vs ZVT/blueprint, implied dependencies not declared) is disproportionate to the stated purpose and suggests either sloppy composition or embedded unrelated functionality.
- Instruction Scope (concern): Runtime instructions and seed.yaml require the agent to run precondition checks that import zvt, assert ZVT_HOME, touch files in ~/.zvt, and (on failure) run pip install and zvt init commands. SKILL.md also includes fatal 'semantic locks' (strict execution rules) and an execution_protocol that instructs re-reading seed.yaml and running host install recipes. None of these operations were declared in the skill's registry metadata; they access environment/config state beyond a simple 'write-only' helper and could cause the agent to attempt installs, filesystem writes, or network access to data providers.
- Install Mechanism (note): There is no install spec (instruction-only), which reduces risk from arbitrary downloaded code. However, seed.yaml's execution_protocol references install_recipes and package verification steps that are not provided here, and SKILL.md demands a specific Python+package manager environment. The absence of an explicit, consistent install recipe while embedding install instructions in text is inconsistent and worth noting.
- Credentials (note): Registry reports no required env vars/credentials, yet the instructions reference and validate ZVT_HOME and rely on external data providers (eastmoney, joinquant, qmt, etc.) that may require credentials/accounts. The skill may prompt the agent to run pip installs and create/modify ~/.zvt. Requested environment access is not declared up-front, which is disproportionate to the listed metadata.
- Persistence & Privilege (note): The skill does not set always:true and is user-invocable, which is appropriate. It does, however, instruct initialization of local data directories (zvt.init_dirs), touching files under ~/.zvt, and mandates re-reading seed.yaml before behavioral decisions (execution_protocol). Those are not global privileges, but they do give the skill potential to modify user-local config/data — the behavior is plausible for backtesting but should be made explicit.
