Skill v0.3.3
ClawScan security
Economic Dashboard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 2:26 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches a macro-data/dashboard purpose but contains broader trading/execution and credential‑management instructions and prescriptive runtime steps that go beyond a simple dashboard; review before installing.
- Guidance: This package is an instruction-only, compiled blueprint for an end-to-end quant/dashboard pipeline that also includes trading and credential-management guidance. Before installing or allowing autonomous runs:
  1. Review seed.yaml, SKILL.md, and the scripts referenced (scripts/*) to see exactly what commands will run and how credentials are handled.
  2. Expect the agent to run Python checks and read/write under ZVT_HOME (~/.zvt); run in an isolated environment or container if you are unsure.
  3. Do not supply API keys or broker credentials until you verify where and how they are stored (look for encryption, storage paths, and any calls that transmit them).
  4. Because the skill includes trading_execution semantics (semantic locks and next-bar execution), treat any automated 'execute' action with caution; confirm whether the skill will actually place orders or only generate code/signals.
  5. Ask the publisher for the source repo/homepage and a README explaining credential handling and any install recipes; absence of a source/homepage is a red flag.
  If you need help reviewing specific scripts (e.g., setup_credentials.py or scripts that migrate caches), share them for a focused review.
Review Dimensions
- Purpose & Capability (note): Name/description promise a macroeconomic dashboard and local multi-source storage. The package includes end-to-end pipeline elements (data_collection → ... → trading_execution) and use-cases for backtests and trading execution, plus credential setup scripts. Trading/execution and credential-management are plausible for a full quant pipeline but expand the scope beyond a read-only dashboard — this is not strictly disproportional but is broader than a UI-only 'dashboard' expectation.
- Instruction Scope (concern): SKILL.md and seed.yaml direct the agent to reload seed.yaml, run declared preconditions (python commands that check/import zvt, touch/verify ~/.zvt), and follow an execution protocol that may run host install recipes and precondition scripts. Those runtime instructions can run Python commands, inspect and write to local paths (ZVT_HOME), and invoke credential setup/verification scripts. For an instruction-only skill this grants broad filesystem and runtime activity relative to a simple dashboard and could lead to unintended local actions if followed automatically.
- Install Mechanism (note): No install spec or external downloads are declared (instruction-only), which is lower risk. However, seed.yaml's execution_protocol refers to host_adapter.install_recipes[] and pip install zvt in preconditions — these imply installation steps may be suggested at runtime even though none are packaged. That mismatch is worth noting but not an active install risk in the package itself.
- Credentials (concern): The skill declares no required env vars, yet many references and use-cases involve external APIs (FRED, Yahoo Finance), credential managers, and scripts to 'setup_credentials' or 'verify_api_keys'. The skill expects credential handling but does not declare or require the credentials up front; this omission makes it unclear how secrets will be requested, stored, or used. Additionally, preconditions read/write to ZVT_HOME (~/.zvt), which affects local config and storage but was not explicitly called out in required config fields.
- Persistence & Privilege (note): always:false and no declared modifications to other skills — normal. But the SKILL.md/seed.yaml strongly instruct the agent to re-read and obey seed.yaml and to run host install/precondition actions on execute; while not an elevation of platform privileges, it gives this skill large influence over the agent's runtime behavior if followed without human review.
