Skill v0.3.3
ClawScan security
Lifelines Survival Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 2:28 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to provide lifelines-based survival analysis but its instructions and artifacts are dominated by a finance/backtest/trading blueprint (ZVT) that asks the agent to run Python commands, install packages, and read/write local ZVT data — the declared purpose and runtime expectations do not align.
- Guidance: This skill's description says 'lifelines survival analysis' but the instructions and reference files are a finance/backtest/trading blueprint (ZVT) that will ask the agent to run Python commands, install packages (e.g., zvt), create and write to ~/.zvt, and interact with data provider recorders (which may need API keys). Before installing or running:
  1. Confirm you actually want a ZVT-style backtest/trading assistant rather than a pure lifelines analysis tool.
  2. Review references/LOCKS.md, seed.yaml, and SKILL.md to understand mandatory semantic locks (they can halt or change behavior) and preconditions.
  3. Do not enable autonomous invocation for this skill if you intend to connect to real trading/execution adapters — run it in an isolated environment first.
  4. If you proceed, run it in a sandbox or VM, and avoid supplying credentials until you verify which providers are used and why.
  5. Because the skill does not declare required credentials but references services that often need keys, expect to be prompted for secrets during runtime — only provide those after careful review.
Review Dimensions
- Purpose & Capability (concern): Name/description promise: lifelines survival analysis and Cox modeling. Actual SKILL.md and supporting files are a Doramagic finance blueprint (finance-bp-126) that describes a full data->backtest->trading pipeline (ZVT), trading semantic locks, and use cases such as A-share backtests and order execution. This is a clear mismatch: survival-analysis functionality would not normally include trading execution, sell-before-buy semantic locks, or ZVT recorder preconditions.
- Instruction Scope (concern): Although instruction-only (no code), the SKILL.md tells the agent to run precondition Python commands (import zvt, run recorders), check/create ~/.zvt, and obey an execution protocol that requires reloading seed.yaml and enforcing many domain constraints/locks. Those instructions direct filesystem writes, package installs (pip install zvt), and could lead to network activity (recorders contacting data providers). They also include fatal trading semantics (e.g., execute sell before buy, next-bar execution) that go beyond pure statistical modeling and could produce trading actions if coupled to an execution adapter.
- Install Mechanism (note): No declared install spec (instruction-only), which is lower risk in isolation. However SKILL.md requires 'Python 3.12+ with uv package manager' and preconditions instruct users/agents to run pip install zvt and run zvt.init_dirs; those are implicit install steps executed at runtime if the agent follows preconditions. Because installs are not declared formally, the skill relies on the agent to fetch/execute third-party packages (zvt and possibly provider recorders).
- Credentials (concern): The skill declares no required environment variables but references ZVT_HOME and provider integrations (eastmoney, joinquant, akshare, qmt) that commonly require credentials or config. Preconditions test/modify ~/.zvt and expect writable directories. The skill thus expects access to filesystem and possibly provider credentials while not declaring or requesting them explicitly — a mismatch that can lead to unexpected credential use or filesystem changes.
- Persistence & Privilege (note): always:false and no explicit persistent installation of the skill — good. But the execution protocol and preconditions instruct package installation, directory initialization, and test file creation in ~/.zvt, meaning the agent may install packages and write persistent files during use. There's nothing forcing the skill to always be enabled, but it can perform system-level changes when invoked.
