ClawHub

Sharesight Skill for OpenClaw

v1.0.0

Manage Sharesight portfolios, holdings, and custom investments via the API

1· 1.8k·4 current·4 all-time
by@lextoumbourou
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe Sharesight portfolio management and the skill only requires SHARESIGHT_CLIENT_ID and SHARESIGHT_CLIENT_SECRET (and an optional SHARESIGHT_ALLOW_WRITES). The requested env vars and the HTTP calls in the code target api.sharesight.com, which is proportionate and expected.
Instruction Scope
SKILL.md and README describe CLI commands, authentication, and safe defaults (writes disabled). The runtime instructions reference only Sharesight API endpoints and standard local config files; they do not instruct reading unrelated system files or sending data to unexpected endpoints.
Install Mechanism
No automated install spec is provided (instruction-only install), so nothing is downloaded from third-party URLs at install time. The repository includes Python package files (pyproject.toml, source), which is consistent with a CLI tool but no remote installers or opaque download URLs are used.
Credentials
Only SHARESIGHT_CLIENT_ID and SHARESIGHT_CLIENT_SECRET are required, plus an optional SHARESIGHT_ALLOW_WRITES flag. These are exactly the credentials needed for OAuth client-credentials access to Sharesight; there are no unrelated or excessive credential requests.
Persistence & Privilege
This skill does not request always:true and does not modify other skills. It persists access tokens to ~/.config/sharesight-cli/config.json (and sets file permissions to 0600) which is a normal, limited persistence for API tokens.
Assessment
This skill appears to do what it says: a local CLI and API wrapper for Sharesight. Before installing or enabling it, verify the publisher/source (no homepage was provided here). Be aware that you must supply your Sharesight Client ID and Client Secret — treat those like passwords. The tool caches access tokens under ~/.config/sharesight-cli/config.json (permissions set to 0600). Write operations are disabled by default; only set SHARESIGHT_ALLOW_WRITES=true if you trust the code and the environment. If you are concerned about trust, inspect the included Python files yourself or run the CLI in an isolated environment; if credentials are ever exposed, rotate them in the Sharesight account.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fz75yjz73kf1934m7zfamh80entb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvSHARESIGHT_CLIENT_ID, SHARESIGHT_CLIENT_SECRET

Comments