PeerBerry SDK
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill provides coherent PeerBerry SDK guidance, but it handles financial-account credentials and can help generate real-money investment actions, so users should keep the documented safeguards enabled.
Before installing or using this skill, verify the external `peerberry-sdk` package source, use a virtual environment, protect your PeerBerry credentials and TOTP secrets, start with read-only examples, and keep `DRY_RUN` and order caps in place until you have manually reviewed any live investment script.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user disables dry-run or uses broad criteria, generated scripts could place real investments through the PeerBerry account.
The skill can assist with real-money investment purchases. The same instruction also discloses the risk and specifies safety gates, making this purpose-aligned rather than hidden.
Treat `purchase_loan` as a real-money action and gate it with `DRY_RUN` and `MAX_ORDERS`.
Start with read-only calls, keep `DRY_RUN` enabled for testing, set small `MAX_ORDERS` and ticket sizes, and require manual review before any `purchase_loan` call is run live.
Anyone with these credentials or tokens may be able to view account data and potentially perform account actions.
The skill requires sensitive PeerBerry account credentials for its intended authenticated API workflows. This is expected, but it gives access to financial account data and actions.
Use valid PeerBerry credentials (`email`, `password`). If the account uses TOTP 2FA, provide `tfa_secret` and install the `otp` extra.
Do not paste real passwords, TOTP secrets, access tokens, or refresh tokens into shared chats or logs; prefer environment variables or a secret manager and revoke any exposed credentials.
Users rely on the integrity of the external package and its dependencies when they install and run SDK code locally.
The skill directs users to install an external package from the Python package ecosystem. This is central to the SDK purpose, but the installed package code is not part of the skill artifacts being reviewed.
`pip install peerberry-sdk`
Install in a virtual environment, verify the PyPI/GitHub project, consider pinning versions or hashes, and review dependency changes before using it with real account credentials.
