backtest-poller 安全扫描报告 — 低风险 | ClawSafe

20 /100

backtest-poller

Background daemon that monitors QuantConnect backtests with adaptive polling, real-time equity tracking, drawdown early-stop, auto-download, and auto-diagnosis

A legitimate QuantConnect backtest monitoring daemon with no malicious behavior; filesystem and shell permissions are implied by documented nohup daemon architecture but not explicitly declared in SKILL.md metadata.

技能名称backtest-poller

分析耗时56.2s

引擎pi

✓

可以安装

Add explicit 'shell:WRITE' and 'filesystem:WRITE' declarations in SKILL.md requires.bins/env, and pin dependency versions in requirements.txt to prevent supply-chain risks.

安全发现 3 项

严重性	安全发现	位置
中危	SKILL.md metadata underdeclares required resources 文档欺骗 SKILL.md requires.bins declares only 'python3', but the implementation uses subprocess.Popen (shell:WRITE equivalent) and filesystem:WRITE for state/log/results files. These are architecturally necessary but undeclared. `subprocess.Popen([sys.executable, poller_script], stdout=log_fd, stderr=log_fd, cwd=..., start_new_session=True)` → Add explicit resource declarations to SKILL.md: filesystem:WRITE for state.json/poller.log/results/, and shell:WRITE for daemon spawning.	`cli.py:280`
低危	Dependencies not pinned to exact versions 供应链 requirements.txt specifies requests>=2.28.0 and python-dotenv>=1.0.0 without upper bounds. This allows any future major version to be installed, increasing supply-chain risk. `requests>=2.28.0 python-dotenv>=1.0.0` → Pin to specific versions (e.g. requests==2.32.3, python-dotenv==1.0.1) and verify these versions have no known CVEs.	`requirements.txt:1`
低危	os.system used for macOS notifications instead of subprocess.run 代码执行 poller.py:445 uses os.system to invoke osascript for system notifications. While documented and functional, os.system is less safe than subprocess.run with argument lists. `os.system(f"""osascript -e 'display notification "{message}" with title "{title}"'""")` → Replace with subprocess.run(['osascript', '-e', 'display notification...']) to avoid shell injection risk (currently low since message is controlled).	`poller.py:445`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✗ 越权	cli.py:280 — subprocess.Popen; poller.py writes state.json, poller.log, results/…
命令执行	`NONE`	`WRITE`	✗ 越权	cli.py:280 — start_new_session=True; poller.py:445 — os.system(osascript)
网络访问	`NONE`	`READ`	✓ 一致	qc_client.py:32 — GET/POST to https://www.quantconnect.com/api/v2
环境变量	`READ`	`READ`	✓ 一致	QC_USER_ID, QC_API_TOKEN, QC_PROJECT_ID read from os.environ in qc_client.py:38 …
技能调用	`NONE`	`NONE`	—	No skill invocation detected

1 项发现

🔗

中危外部 URL 外部 URL

https://www.quantconnect.com/api/v2

qc_client.py:32

目录结构

6 文件 · 52.1 KB · 1458 行

Python 4f · 1294L Markdown 1f · 162L Text 1f · 2L

├─ 🐍 cli.py Python 415L · 13.4 KB

├─ 🐍 poller.py Python 640L · 25.5 KB

├─ 🐍 qc_client.py Python 156L · 5.8 KB

├─ 📄 requirements.txt Text 2L · 38 B

├─ 📝 SKILL.md Markdown 162L · 5.1 KB

└─ 🐍 utils.py Python 83L · 2.3 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`requests`	`>=2.28.0`	pip	否	No upper bound — major version could be installed
`python-dotenv`	`>=1.0.0`	pip	否	No upper bound

安全亮点

✓ No credential exfiltration: QC_API_TOKEN is used only for local QuantConnect API authentication

✓ No base64-encoded or obfuscated code anywhere in the codebase

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env beyond dotenv loading

✓ No reverse shell, C2, or data theft behavior detected

✓ HMAC-SHA256 authentication scheme for QuantConnect API is correctly implemented

✓ Optional forensics module import gracefully handles missing dependencies

✓ File locking (fcntl.flock) prevents race conditions in state management

✓ Explicit comment removing LLM summary feature shows transparency about removed external calls