Trusted: risk score 5/100
Last scanned: 2 days ago
backtester
Professional backtesting framework for trading strategies
Professional backtesting framework with no malicious behavior detected. Code performs legitimate financial calculations on local SQLite data.
Skill name: backtester
Analysis time: 22.8s
Engine: pi
OK to install
This skill is safe to use. Consider pinning package versions if dependency stability is a concern.

Security findings: 1

| Severity | Finding | Location |
|---|---|---|
| Low | Documentation mentions unimplemented API | SKILL.md:138 |

SKILL.md references Tiger API for professional data, but backtest.py only uses local SQLite. This appears to be a planned feature, not hidden behavior.
API: Tiger API for professional data
→ Update docs to reflect current implementation or implement the API feature
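
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | backtest.py:23 - os.path.exists() and sqlite3.connect() |
| Database | READ | READ | ✓ Consistent | backtest.py:30-52 - pd.read_sql_query() |
| Network access | NONE | NONE | | No network requests found in code |
| Command execution | NONE | NONE | | No subprocess or shell execution |
| Environment variables | NONE | NONE | | No os.environ access |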

Directory structure

3 files · 19.1 KB · 574 lines
Markdown 1f · 323L | Python 1f · 246L | JSON 1f · 5L
├─ 📋 _meta.json JSON 5L · 129 B
├─ 🐍 backtest.py Python 246L · 8.2 KB
└─ 📝 SKILL.md Markdown 323L · 10.8 KB

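Dependency analysis: 3 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| pandas | * | pip | | Not explicitly listed in requirements |
| numpy | * | pip | | Not explicitly listed in requirements |
| sqlite3 | builtin | stdlib | | Python standard library |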

Security highlights

✓ No network requests or data exfiltration
✓ No shell execution or subprocess calls
✓ No credential harvesting or environment variable access
✓ No obfuscation techniques (base64, eval, etc.)
✓ Uses only standard Python libraries (sqlite3, pandas, numpy)
✓ All database operations are read-only (SELECT queries only)
✓ Input validation present for stock symbols and date formats
✓ No hidden functionality detected