Skill v0.3.3

ClawScan security

Freqtrade Crypto Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 2:27 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation and runtime instructions contain multiple internal inconsistencies (Freqtrade branding vs heavy ZVT/Qlib artifacts, undeclared runtime/env requirements, and implicit install steps) — it may be legitimate but you should get clarifications before installing or running it in production.
Guidance
Do not install or run this skill in a production or privileged environment yet. Ask the publisher for clarifications: (1) Why does a 'Freqtrade' skill include heavy ZVT/Qlib artifacts and seed.yaml that require zvt and ZVT_HOME? (2) Confirm the exact runtime requirements (Python version, package manager 'uv') and provide an explicit install spec if the skill needs to install packages. (3) Ask the author to declare any environment variables the skill will read or modify. If you still want to test it, run it in an isolated sandbox or VM with no sensitive credentials, and monitor for any pip installs or filesystem writes. Finally, note the SKILL.md's evidence-quality warning (low verify ratio) — treat outputs as unverified until you can audit them.

Review Dimensions

Purpose & Capability
Concern: The skill is named and described as a 'Freqtrade Crypto Bot', but the bundled materials heavily reference ZVT, Qlib, and other backtesting frameworks (many ZVT anti-patterns, preconditions, and a large seed.yaml). That mix of different toolchains is unexpected for a focused Freqtrade skill. The SKILL.md also declares a runtime requirement (Python 3.12+ and an 'uv' package manager) even though the registry metadata lists no required binaries or env — a clear mismatch.
Instruction Scope
Concern: SKILL.md and seed.yaml contain explicit execution protocol steps: re-read seed.yaml at runtime, run preconditions that execute python one-liners (e.g., import zvt, check ZVT_HOME, try recorders), and instruct running pip install if checks fail. Although there is no code shipped, these instructions tell an agent to run environment-modifying commands and to access filesystem/environment values (ZVT_HOME). That scope goes beyond a passive README and grants the skill runtime discretion to install packages and probe the host.
Install Mechanism
Note: There is no declared install spec and no code files (instruction-only), which is lower risk. However, the execution_protocol in seed.yaml and SKILL.md instructs the agent to invoke host install recipes and to pip-install zvt if preconditions fail. The absence of an explicit, declared install spec combined with runtime instructions to install packages is an inconsistency worth clarifying.
Credentials
Concern: Registry metadata claims no required env vars, but SKILL.md/seed.yaml reference ZVT_HOME and preconditions run code that reads os.environ. The skill also instructs installing third-party Python packages (zvt). Requesting or reading unlisted environment variables and recommending installs is disproportionate to what a simple Freqtrade backtest template should need and should be explicitly declared.
Persistence & Privilege
Note: 'always' is false (no forced global inclusion). The skill's execution_protocol asks the agent to run host install recipes and to re-load seed.yaml on each execution; this can change the agent's runtime environment but is not the same as always:true. Autonomous invocation is allowed by default (platform normal) — combine this with the other concerns before enabling autonomous runs.