Skill v0.3.3

ClawScan security

Stock Pattern Screener · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 2:30 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description (stock pattern screener) largely matches its instructions, but there are mismatches between declared requirements and the runtime instructions (implicit dependency on zvt, Python tooling, and filesystem operations) that warrant caution before installing or running it.
Guidance
This skill appears to be a genuine stock-pattern screening/backtest blueprint, but there are important mismatches and runtime behaviors to consider before installing or running it:

- Expect runtime dependency installation: SKILL.md and references require Python 3.12+, the 'uv' manager, and the zvt package. Although the registry shows no required env or install steps, the skill's preconditions instruct the agent to run pip install zvt and initialize ~/.zvt. Treat those runtime installs as network activity and potential code execution.
- File-system writes: The skill will check and may create/modify a ZVT_HOME directory (~/.zvt) and relies on host workspace paths referenced in seed.yaml. If you allow it to run, do so in a sandbox or VM if you don't want it touching your real home/workspace.
- No upfront credential disclosure: The skill prompts for data providers (eastmoney, joinquant, akshare, qmt). Some providers require API keys/accounts (joinquant, brokers). Do not supply API keys or secrets until you verify precisely where/how they will be used; prefer ephemeral or read-only test credentials.
- Ask for clarification / request an explicit install manifest: Request that the author supply a clear install spec (exact pip/uv packages and trusted sources) and a list of environment variables/credentials the skill will ever ask for. If you cannot verify, run the skill only in an isolated environment.
- Audit seed.yaml and references: The skill's seed.yaml contains runtime rules (must re-read seed.yaml before decisions) and execution protocols. Review references/seed.yaml and references/LOCKS.md to ensure the 'semantic locks' and preconditions align with your expected workflow.

If you plan to proceed: run the skill in a disposable environment (container/VM) first, deny network access if you want to inspect behavior offline, and do not provide production credentials or access to real trading accounts until you have full visibility into what it executes.

Review Dimensions

Purpose & Capability
note: Name/description and the SKILL.md content are coherent: this is a stock-pattern screening/backtest blueprint that references data collection, pattern detectors, scoring, and an API surface. However, metadata/instructions claim the host needs Python 3.12+ and the uv package manager, and the SKILL.md (and references/LOCKS.md) require zvt and a ZVT_HOME directory, yet the skill's declared requirements list 'none'. That mismatch (no declared binaries/envs but explicit runtime dependencies in the text) is inconsistent and should be resolved.
Instruction Scope
concern: SKILL.md and seed.yaml instruct the agent to run precondition checks (e.g., python3 -c 'import zvt' and pip install zvt if missing) and to read/reload seed.yaml on decision points. Those runtime steps can cause network access (pip), write access to user dirs (~/.zvt), and execution of arbitrary Python packages. The instructions also include semantic locks and many preconditions that require reading/writing host files. While these are plausible for a screening/backtest skill, they expand the agent's scope beyond purely read-only analysis and should be explicitly disclosed and approved by the user.
Install Mechanism
note: There is no install spec (instruction-only), which is lowest-risk on disk at install time. But the seed.yaml execution protocol references host install recipes, and SKILL.md tells the agent to run pip install zvt when preconditions fail, so installation may happen at runtime. The skill does not provide a controlled install recipe or indicate trusted package sources; that asymmetry is noteworthy.
Credentials
note: Declared required env vars: none. In practice, instructions reference ZVT_HOME and check filesystem permissions; the skill will also prompt for data source choices (eastmoney, joinquant, akshare, qmt), some of which require API accounts/keys. The skill does not declare these credentials up front, which is inconsistent and could lead the agent to request or expect secrets during use. No explicit unrelated secrets are requested, but the lack of a clear credential policy is a gap.
Persistence & Privilege
note: always:false (good). The skill can be invoked autonomously per platform defaults (not flagged alone). However, seed.yaml contains an execution protocol that mandates re-reading seed.yaml on behavioral decisions and references workspace and skills paths; combined with the preconditions that may create ~/.zvt and install packages at runtime, the skill can end up persisting data and installing packages during normal operation. This is reasonable for a data pipeline tool but should be presented to the user as a permissioned action.