ClawHub

IBKR + OpenClaw

v1.0.0

Connect OpenClaw to Interactive Brokers via IB Gateway Docker. Live portfolio data, real-time quotes, historical K-lines, technical analysis, and Telegram al...

0· 77·0 current·0 all-time
byXinshen@amuletxheart
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (IBKR integration, portfolio/quotes/history) align with included code and instructions: a small client script (ibkr_client.py) that connects to a local IB Gateway on 127.0.0.1 and a setup script that clones the public gnzsnz/ib-gateway-docker repo. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs cloning the IB Gateway Docker repo, creating a .env with your IBKR username/password, running docker compose, and installing Python deps. These steps are expected for this integration, but they include elevated operations (curl https://get.docker.com | sh) and instruct storing IBKR credentials in plain text (.env) and optional VNC credentials. The skill claims 'read-only safe' and configures READ_ONLY_API=yes, but some ib_async features may still request write access (noted in docs).
Install Mechanism
There is no platform install spec; install.sh is an installer script that runs pip install and git clone of a public GitHub repo. All external sources are well-known (GitHub, get.docker.com). No downloads from obscure hosts or obfuscated payloads are present.
!
Credentials
The registry metadata declares no required environment variables, yet the instructions require creating a .env containing TWS_USERID and TWS_PASSWORD and optional VNC password — plaintext credentials stored on disk. Requesting IBKR credentials is proportionate to the stated purpose, but the manifest omission (declares none) is an inconsistency and storing a live account password in .env is a security risk (consider using paper account and/or minimizing exposure).
Persistence & Privilege
always:false and no special platform privileges requested. The skill writes only into the user's OpenClaw workspace (clones ib-gateway-docker) and does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says, but review and harden before use: 1) Expect to put your IBKR username/password into a .env file in plaintext — prefer using a paper account and limit access to that file (file system permissions, encrypted vault) rather than a live account. 2) The instructions suggest running get.docker.com via curl|sh — avoid piping random scripts; install Docker from your OS package manager if you prefer more auditable steps. 3) Verify the cloned repo (https://github.com/gnzsnz/ib-gateway-docker) yourself and review its docker-compose and startup behavior. 4) Keep VNC disabled unless you need it; if enabled, bind to localhost and secure the password. 5) Note the manifest does not declare required env vars though the skill expects them — be cautious about where you store credentials. 6) Run the gateway on an isolated host or network and firewall ports 4001/4002/5900 appropriately. If you need higher assurance, request the skill author provide a missing .env.template file and a signed source or run everything in a disposable VM first.

Like a lobster shell, security has layers — review code before you run it.

dockervk975r9ane7y2jy201y1zh15dzs83tmpfibkrvk975r9ane7y2jy201y1zh15dzs83tmpfinteractive-brokersvk975r9ane7y2jy201y1zh15dzs83tmpflatestvk975r9ane7y2jy201y1zh15dzs83tmpfportfoliovk975r9ane7y2jy201y1zh15dzs83tmpftradingvk975r9ane7y2jy201y1zh15dzs83tmpf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments