Skill v1.0.0
ClawScan security
Questrade · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 8:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code implements a legitimate Questrade integration, but the package/registry metadata omits the sensitive credentials it requires (refresh token) and some runtime behavior (writing rotated tokens to disk), which is an important mismatch the user should understand before installing.
- Guidance: This skill appears to implement the Questrade API correctly, but the registry metadata failed to declare the sensitive credentials it needs. Before installing:
  - (1) Only provide your Questrade refresh token if you trust the skill source — verify the owner and code.
  - (2) Be aware the script will save rotated refresh tokens and an access-token cache to ~/.openclaw in plaintext; restrict those files' permissions (e.g., chmod 600) or keep them in a locked environment.
  - (3) Prefer creating a read-only/token-limited account if possible, and enable QUESTRADE_READ_ONLY to block orders.
  - (4) Consider running the script in an isolated environment (container/VM) if you are unsure.
  - (5) Ask the publisher to update the registry metadata to declare QUESTRADE_REFRESH_TOKEN as the primary credential and to document file-write behavior so automated systems can make an informed install decision.
Review Dimensions
- Purpose & Capability (concern): The skill name and description match the included code: it accesses Questrade account and market data. However, the registry metadata declares no required environment variables or primary credential, while the SKILL.md and the script clearly require a Questrade refresh token (QUESTRADE_REFRESH_TOKEN) and optionally QUESTRADE_PRACTICE / QUESTRADE_READ_ONLY. That omission is an inconsistency — a credential is required for the stated purpose but not declared.
- Instruction Scope (note): The runtime instructions and the Python script are focused on Questrade API calls only. They instruct users to provide a refresh token via an env var or ~/.openclaw/credentials/questrade.json. The script reads/writes that credentials file and a token cache at ~/.openclaw/data/questrade-token-cache.json (it also updates the in-process env). These file reads/writes and network calls are within scope for this broker API skill, but the auto-saving of rotated refresh tokens to disk is a behavior users should be aware of.
- Install Mechanism (ok): This is an instruction-only skill with a small Python script and a requirements.txt (requests). No remote downloads, installers, or obscure third-party packages are used. Installing via pip install -r requirements.txt is sufficient and expected.
- Credentials (concern): The skill requires a sensitive OAuth refresh token and honors the QUESTRADE_PRACTICE and QUESTRADE_READ_ONLY env vars, but the registry metadata lists no required env vars or primary credential. The script also persists rotated refresh tokens in plaintext under the user's home directory (~/.openclaw), which is reasonable functionally but increases local credential exposure. The combination (sensitive creds required but not declared) is disproportionate to how the registry advertises the skill.
- Persistence & Privilege (note): The skill does persist state: it writes rotated refresh tokens and an access-token cache under ~/.openclaw. It does not request global privileges or always:true. Persisting the token and cache is functionally reasonable for an API client, but users should note that the files are created in their home directory and are stored in plaintext.
