Lean Cloud Backtest

Security checks across malware telemetry and agentic risk

Overview

Review recommended: the skill has no scanned code, but its documents mix LEAN and ZVT workflows and embed under-declared setup and account requirements.

Before installing, confirm whether you want a LEAN/QuantBook workflow or a ZVT workflow. Run any setup commands manually in a virtual environment, inspect any install recipes first, and use read-only finance/data credentials where possible. Do not provide wallet keys, broker trading credentials, or paid-provider credentials unless the exact use and scope are clear.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user expecting a LEAN cloud backtesting assistant may be led into ZVT-specific setup, data workflows, or provider choices instead.

Why it was flagged

The same primary artifact advertises a LEAN/QuantBook skill but gives ZVT-specific operational guidance, creating a material mismatch about what framework and dependencies the user is actually being guided to use.

Skill content

description: |-
  通过 LEAN 引擎搭建多市场量化研究与回测环境...
...
- Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)

Recommendation

Clarify whether the skill is for LEAN/QuantBook or ZVT, and separate the workflows so users can see the exact framework, dependencies, and account needs before running anything.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The agent could be instructed to run setup recipes that are not visible in the standard install contract, making dependency provenance and review harder.

Why it was flagged

The bundled source-of-truth file defines an install trigger that executes host adapter recipes, while the supplied registry install section says there is no install spec. That makes install-time behavior under-declared in the platform metadata.

Skill content

execution_protocol:
    install_trigger:
    - Execute resources.host_adapter.install_recipes[] in declared order
    - Verify each package with import check before proceeding

Recommendation

Declare all install commands and dependencies in the install spec, pin package versions where possible, and require user approval before running any setup recipe.

ASI05: Unexpected Code Execution
Low
What this means

Running the setup can change the local Python environment and create or modify ZVT data directories.

Why it was flagged

The skill documents local Python commands, package installation, initialization, and a write-test under ZVT_HOME. These are expected for a local backtesting/data environment, but they are still local code execution and filesystem mutation.

Skill content

`PC-01`: `python3 -c 'import zvt; print(zvt.__version__)'` → on_fail: Run: python3 -m pip install zvt then re-run: python3 -m zvt.init_dirs ...
`PC-04`: ... `test_f.touch(); test_f.unlink()`

Recommendation

Use a virtual environment or container, review commands before execution, and avoid running setup with elevated privileges.

ASI03: Identity and Privilege Abuse
Low
What this means

The agent may ask you to use external finance accounts or broker integrations without a clearly declared credential contract.

Why it was flagged

The skill may involve paid data-provider or broker-related accounts. This is aligned with finance data access, but the registry declares no primary credential or required environment variables.

Skill content

- Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?

Recommendation

Provide only the minimum needed credentials, prefer read-only/data-only access, and do not provide broker trading credentials or wallet/private-key material unless the workflow is explicitly reviewed and necessary.

ASI01: Agent Goal Hijack
Low
What this means

The assistant may over-prioritize the bundled reference material instead of simply answering from the user's current request.

Why it was flagged

The skill tells the host to elevate seed.yaml and a fixed reading order as authoritative for business decisions. This may be intended for consistency, but it affects how the agent prioritizes context.

Skill content

rule: On any behavioral decision ... agents MUST re-read seed.yaml. Derivatives are for UI display only and may be out-of-date.
...
Before answering any business question, the host MUST read them in order

Recommendation

Keep the user's current request and explicit approvals as controlling; treat the seed file as reference material rather than an unconditional authority.