Congress Trades Tracker

Pass
Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: congress-trades
Version: 1.1.4

The skill is classified as suspicious due to a prompt injection vulnerability against the OpenClaw agent. The `scripts/scraper.py` script fetches data from `api.quiverquant.com` and writes formatted alerts, including potentially unsanitized external data, to `data/pending_congress_alert.txt`. The `SKILL.md` explicitly instructs the OpenClaw agent to read this file and send its content as an alert, creating a vector for prompt injection if the external API data were to contain malicious agent commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installation depends on the user's Python environment and package source.

Why it was flagged

The skill asks the user to install an external Python dependency. This is expected for a Quiver API scraper, but the dependency is not represented in the install metadata or pinned by an install spec.

Skill content
Python 3.10+ with `requests` (`pip install requests`)
Recommendation

Install dependencies from a trusted Python environment and consider pinning or reviewing the package version if you need reproducible setup.

What this means

Your Quiver API key will be used by the script for repeated API polling.

Why it was flagged

The script reads a Quiver API token from the environment and sends it in the Authorization header to Quiver's API. This is disclosed and purpose-aligned, with no evidence of logging or sending it elsewhere.

Skill content
API_KEY = os.environ.get("QUIVER_API_KEY") ... "Authorization": f"Token {API_KEY}"
Recommendation

Use a Quiver key appropriate for this purpose, avoid hard-coding it, and revoke or rotate it if you stop using the skill.

Note (High Confidence)
ASI10: Rogue Agents
What this means

The scraper may keep making API requests and writing local files in the background.

Why it was flagged

The setup recommends a cron entry that runs the scraper every minute. This persistence is explicit, user-level, and aligned with real-time monitoring, but it will continue until the user removes it.

Skill content
* * * * * . "$HOME/.profile" && /usr/bin/python3 /path/to/scripts/scraper.py >> /path/to/logs/scraper.log 2>&1
Recommendation

Only add the cron job if you want continuous monitoring, verify the paths, and know how to remove the crontab and HEARTBEAT entries later.

What this means

Alert text stored on disk may be placed into the agent's context during heartbeat checks.

Why it was flagged

The skill creates a persistent local alert file from API-derived trade data that OpenClaw is expected to read and forward. This is the intended alert mechanism, but the file should be treated as data rather than authoritative instructions.

Skill content
Writes formatted alert to `data/pending_congress_alert.txt` for OpenClaw pickup
Recommendation

Keep the alert/data directory private, and configure the agent to forward alert contents as data without following any instructions that might appear inside alert text.