Skillv0.1.0

ClawScan security

Trading DevBox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 25, 2026, 8:55 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description promises running backtests and returning results, but the runtime instructions are incomplete and inconsistent (no data sources, no dependency/install steps, and the provided script only prints a placeholder), so the skill's actual behavior doesn't match its stated purpose.
Guidance: This skill is internally inconsistent: it says it will run backtests and return results but the runtime instructions only write a template script to /tmp and print a placeholder; it doesn't provide data sources or dependency installation steps (backtrader is imported but not installed). Before installing or running this skill: 1) Ask the author to clarify how market data is obtained and where results are stored; 2) Request explicit, pinned install steps for dependencies (e.g., pip install backtrader==<version>) rather than leaving the agent to fetch packages; 3) Require the agent to seek explicit user confirmation before executing any generated code or installing packages; 4) Run the skill in an isolated/containerized environment and review the generated strategy.py before execution to avoid arbitrary code running on your machine; 5) If the skill will access exchange APIs, ensure it requests only the minimal credentials needed and documents how they are used. These changes would resolve the main incoherences; absent them, treat the skill cautiously.

Review Dimensions

Purpose & Capability: concernThe skill claims to write and run Python backtests and return results, but it declares no required binaries, dependencies, or credentials. The SKILL.md references backtrader (a third‑party Python package) and backtesting over market data, yet gives no instructions for obtaining market data, installing backtrader, or accessing exchange/data APIs. These omissions are disproportionate to the stated capability.
Instruction Scope: concernThe instructions tell the agent to write /tmp/trading-devbox/strategy.py and run python3 on it. The included strategy.py imports backtrader but only outputs a JSON status message and does not actually perform a backtest or load any market data. There is no guidance about data sources, credentials, or where to store results. Writing files and executing Python is expected for a devbox, but the steps are incomplete and grant the agent discretion to install packages or fetch data if it attempts to complete the workflow — this ambiguity is risky.
Install Mechanism: noteNo install spec is provided (instruction-only), which keeps risk lower because nothing is preinstalled by the skill. However, the instructions import backtrader without telling the agent how to install it; a real agent might attempt to pip install packages at runtime, which could pull arbitrary code from PyPI. The absence of explicit, pinned install steps is a missing and notable detail.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. This is proportionate to the stated purpose on its face, but because backtesting usually requires market data or exchange API keys, the lack of declared data/credential requirements may indicate incomplete design rather than excessive privilege requests.
Persistence & Privilege: okalways is false, the skill is user-invocable, and there is no indication it attempts to modify other skills or system-wide settings. File writes are limited to /tmp in the instructions. No elevated persistence behavior is requested.