Insurance Actuarial Python
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting actuarial modeling could instead be guided into equity/crypto trading workflows and financial-data setup.
The stated actuarial/interest-rate purpose does not match the later stock/crypto trading and execution workflow, which can mislead users about what the skill will guide the agent to do.
description: 使用奇异谱分析和平稳自助法...构建 NSS 曲线模型... Pipeline `data_collection -> ... -> trading_execution -> visualization`; Target market: A-share (default), HK, or crypto?
Clarify the skill scope, rename or split the actuarial and ZVT trading workflows, and make any trading capability explicit before installation.
If connected to a broker or trading-capable environment, the agent could interpret the workflow as authority to generate or execute financial orders.
The skill defines trading-cycle and buy/sell semantics but does not clearly require paper-only mode, explicit user confirmation, account limits, or rollback controls for high-impact financial actions.
SL-01: Execute sell orders before buy orders in every trading cycle ... SL-06: filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTION
Require explicit user approval for every live order, default to paper/backtest mode, and document hard limits for markets, accounts, order size, and reversibility.
Running the setup may execute third-party package code that was not part of the reviewed artifacts.
The skill instructs installation of an unpinned external package even though the supplied registry install spec is absent, leaving dependency provenance and version behavior unclear.
PC-01: `python3 -c 'import zvt; print(zvt.__version__)'` → on_fail: Run: python3 -m pip install zvt then re-run: python3 -m zvt.init_dirs
Add a declared install spec with pinned versions and checksums, or require the user to review and install dependencies manually in an isolated environment.
Users may expose paid-provider or broker access without clear limits on what the agent can do with it.
The skill may involve paid data accounts or a broker provider, but the artifacts do not define credential handling, read-only versus trading permissions, or account-scope boundaries.
Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
Document credential requirements, require least-privilege/read-only access by default, and separate data-fetch permissions from any live trading permissions.