Skill v0.3.3
ClawScan security
Pandas Ta Indicators · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 2:29 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description (compute and visualize TA with pandas-ta) mostly matches what it offers, but the runtime instructions refer to running local Python checks, a ZVT-based pipeline that can include trading execution, and a seed.yaml-driven install/verification flow. Those behaviors go beyond a simple indicator/visualization helper and deserve careful review before installing or running.
- Guidance: This skill looks like a documentation/blueprint for a ZVT-based TA pipeline rather than a small, self-contained 'pandas-ta' helper. Before installing or running it:
  - Treat it as code generation + orchestration, not only a plotting tool. Expect the agent to run Python commands, check or create ~/.zvt, and (depending on host integration) attempt package installs.
  - Do not provide broker or data-provider credentials (joinquant, brokers, etc.) unless you verify exactly where and how they will be used. The SKILL.md mentions trading_execution but requests no credentials; ask the author how trade execution is implemented and which credentials it would need.
  - Inspect seed.yaml and the references locally (they are included) to understand the required packages and the precondition checks the skill will perform. If you permit the agent to run precondition commands, run them in a sandbox or review the exact commands first.
  - If you only want indicator calculations and visuals, prefer running the code the skill generates manually in a controlled environment rather than letting the agent execute installs or backtests automatically.

  If you want me to, I can: (1) extract and list the concrete precondition commands and filesystem paths the skill would run/access, (2) summarize which packages you would need to install manually, or (3) produce a minimal, offline-only example that computes RSI/MACD/Bollinger using pandas-ta without any ZVT/backtest/trading steps.
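The check a practitioner wants before allowing any of those precondition commands to run is a static pass over the skill files that lists every interpreter/shell invocation, install recipe and host path they mention, so the exact commands can be reviewed (or sandboxed) first. The script below is an added example, not part of ClawHub's review or of the skill itself. The text it scans is a constructed sample in the shape the review describes (a `run:` precondition list, `host_adapter.install_recipes`, `~/.zvt` paths); the real seed.yaml's schema is not reproduced on this page, so the regexes and the `Finding` kinds are this example's own conventions, and the package name `some-provider-sdk` is a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape the review describes.  It is NOT the
# skill's real seed.yaml/SKILL.md; replace it with the text of the files
# you downloaded (read them, do not execute anything in them).
SAMPLE_SKILL_TEXT = """\
preconditions:
  - run: python3 -c 'import zvt; print(zvt.__version__)'
  - run: python3 -c 'import pandas_ta'
  - run: bash ./scripts/check_env.sh
  - path: ~/.zvt
host_adapter:
  install_recipes:
    - uv pip install zvt pandas-ta
    - pip install some-provider-sdk
notes: read ~/.zvt/config.json and the workspace under ./data before running.
"""

# A line (after stripping list markers and a "run:" key) that starts with an
# interpreter, package manager or shell is treated as a command to review.
COMMAND_RE = re.compile(r"^(?:-\s*)?(?:run:\s*)?((?:python3?|uv|pip3?|bash|sh)\b.*)$")
# Package installs are the actions that change the host; flag them separately.
INSTALL_RE = re.compile(r"\b(?:pip3?\s+install|uv\s+(?:pip\s+install|add|sync))\b")
# `python -c '...'` runs arbitrary inline code, not just an import check.
INLINE_CODE_RE = re.compile(r"\bpython3?\s+-c\b")
# Home-relative and workspace-relative paths the skill expects to touch.
PATH_RE = re.compile(r"(?:~|\$HOME)/[\w.\-/]+|\./[\w.\-/]+")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str   # "install", "inline-code", "command" or "path"
    value: str


def extract_findings(text: str) -> List[Finding]:
    """Statically list commands, install recipes and host paths in skill text."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        match = COMMAND_RE.match(raw.strip())
        if match:
            cmd = match.group(1).strip()
            if INSTALL_RE.search(cmd):
                kind = "install"
            elif INLINE_CODE_RE.search(cmd):
                kind = "inline-code"
            else:
                kind = "command"
            findings.append(Finding(line_no, kind, cmd))
        for path in PATH_RE.findall(raw):
            findings.append(Finding(line_no, "path", path))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {"install": 2, "path": 4}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def needs_manual_review(findings: List[Finding]) -> bool:
    """True if the text asks for anything that executes or installs on the host."""
    return any(f.kind in ("install", "inline-code", "command") for f in findings)


def report(text: str) -> str:
    """One line per finding, then a summary line with the review decision."""
    findings = extract_findings(text)
    lines = [f"{f.kind:<11} line {f.line_no:>3}: {f.value}" for f in findings]
    verdict = "REVIEW BEFORE RUNNING" if needs_manual_review(findings) else "no host actions found"
    return "\n".join(lines + [f"summary: {summarize(findings)} -> {verdict}"])


if __name__ == "__main__":
    print(report(SAMPLE_SKILL_TEXT))
```

Run it against the downloaded SKILL.md and seed.yaml (for example by reading each file into `report`). The point is that nothing in the skill text is executed: the output is the list of commands, install recipes and paths you then decide whether to allow, which is exactly the list the guidance above asks you to review first.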
Review Dimensions
- Purpose & Capability
  - note: Name/description say: compute TA indicators and visualize them. The SKILL.md repeatedly references ZVT and a full data/backtest/trading pipeline, and its metadata requires 'Python 3.12+ with uv package manager', but the skill declares no install steps, no required binaries, and no credentials. The inclusion of 'trading_execution' in the pipeline and of many semantic locks (order execution rules) is disproportionate for a pure 'indicators+visualization' helper, because trading execution normally requires broker credentials and explicit install/runtime steps, neither of which is requested here.
- Instruction Scope
  - concern: SKILL.md and seed.yaml instruct the agent to reload seed.yaml, run precondition Python checks (the examples use python3 -c 'import zvt; ...'), verify imports, run install recipes, and consult workspace paths. Those instructions implicitly ask the agent to run local commands, access the host workspace, check or create ~/.zvt, and potentially trigger pip installs, all actions beyond merely computing indicators. The skill also enforces 'fatal' semantic locks for trading logic (next-bar execution, sell-before-buy), which shows it is expected to produce trading code or workflows; the SKILL.md neither limits such actions nor requires explicit user confirmation before them.
- Install Mechanism
  - note: There is no explicit install spec (the skill is instruction-only), which is lower risk. However, seed.yaml and SKILL.md describe an install/verification protocol (run host_adapter.install_recipes[], verify packages via import checks) and demand Python 3.12+ with the uv package manager: a mismatch between the declared manifest (no install) and the textual runtime requirements. That mismatch could lead an agent to request or attempt package installs at runtime if the host adapter implements them.
- Credentials
  - note: The skill declares no required environment variables or credentials, which is appropriate for indicator computation. But it references data providers that sometimes require accounts (joinquant) and references trading execution in its pipeline and locks without declaring any broker API credentials. This omission is an incoherence: if the skill were to execute trades or fetch protected data, additional credentials would normally be required.
- Persistence & Privilege
  - ok: Flags show always:false, and normal autonomous invocation is allowed. The skill neither requests persistent 'always' privilege nor modifies other skills' configs. The main persistence-related instruction is to read/reload seed.yaml and to use host workspace paths; that is an instruction-level behavior rather than an explicit elevated platform privilege.
