Zipline Daily Backtest
ReviewAudited by ClawScan on May 10, 2026.
Overview
Review before installing because this backtesting helper also contains an unrelated documentation-deployment workflow that may clean or move files, and it mentions optional broker or paid data access.
Treat this as a Review item rather than confirmed malware. If you install it, keep setup in an isolated Python environment, use read-only or free market-data sources when possible, avoid broker credentials unless explicitly needed, and do not run the documentation-deployment workflow without confirming exact files and publication targets.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent could alter documentation/build artifacts or prepare content for publication even though the user installed a backtesting skill.
A skill advertised for stock backtesting includes a user-triggered documentation deployment workflow that can clean and move files and prepare publication, without visible path or publish-target scoping.
Zipline Documentation Deployment ... building and deploying Zipline documentation by cleaning old artifacts, moving files to temporary locations ... Triggers: deploy, documentation, docs
Only use the docs-deployment workflow after explicitly confirming the project, exact paths to clean or move, and whether anything will be published.
Providing broker or paid-provider credentials could grant more account access than needed for a backtest if not scoped carefully.
The skill may use paid data-provider or broker access. That is purpose-aligned for market data, but the artifacts do not define credential scope or handling.
Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock ... akshare, or qmt (broker)?
Prefer free or read-only data sources; do not provide broker trading credentials unless you explicitly intend broker integration and understand the access granted.
Running the setup could modify the active Python environment and create local data directories.
The reference setup directs installation of an unpinned third-party Python package and local initialization. This is expected for ZVT backtesting, but it is not represented as a formal install spec.
on_fail: Run: python3 -m pip install zvt then re-run: python3 -m zvt.init_dirs
Run setup in a virtual environment, pin package versions where possible, and review commands before executing them.