Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawback

v1.1.1

Mirror congressional stock trades with automated broker execution and risk management. Use when you want to track and automatically trade based on congressio...

0 · 3.5k · 5 current · 5 all-time

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (mirror congressional disclosures and trade via E*TRADE) matches the code and instructions: the repo contains an E*TRADE adapter, a trade engine, a CLI, setup/auth helpers, cron/daemon scripts and config handling. Requiring broker credentials is appropriate for that purpose. The registry metadata is inconsistent, however: it lists no required env vars yet sets primaryEnv=BROKER_API_KEY, and the README/SKILL.md additionally expect BROKER_API_SECRET, an account id and optional TELEGRAM tokens. That mismatch between declared requirements and actual needs is a packaging/information-coherence issue.
Instruction Scope
SKILL.md instructs the agent to perform a local installation (create a venv, pip install -e .), execute the bundled wrapper {baseDir}/bin/clawback.py and other scripts, prompt the user for an E*TRADE Consumer Key/Secret, and read/write ~/.clawback/config.json. Those actions are necessary for a trading bot, but they also mean the skill creates files under the user's home directory, may store long-lived credentials in a JSON file on disk, and runs background tasks. The instructions grant broad discretion to execute many local scripts (setup, cron setup, daemon), so review those scripts before running them.
Install Mechanism
There is no remote download from an untrusted URL; installation is local via pip install -e ., and the package ships its own setup and install scripts. That is lower risk than fetching from an arbitrary URL, but installing and running the Python package still executes whatever code is bundled in the repo (setup.py/pyproject hooks, console entry points, shipped scripts). SKILL.md references pip against "{baseDir}", which is consistent, but the registry-level install spec is marked absent, another metadata inconsistency to be aware of.
Credentials
The skill's primary credential is BROKER_API_KEY, which is expected. The code and docs, however, require additional secrets (E*TRADE Consumer Secret, Account ID, optional TELEGRAM_BOT_TOKEN/CHAT_ID) that are not fully declared in the registry's required-env listing. The skill saves credentials into ~/.clawback/config.json and uses persistent token files; storing broker keys on disk in plaintext, without encryption or restrictive file permissions, is a data-security concern. No unrelated credentials are requested, but the mismatch between declared and actually used env/config items is noteworthy.
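The review points out that secrets land in ~/.clawback/config.json as plaintext. The following is an added example, not Clawback's own code, of the pattern a skill author (or a user wrapping the skill) could use instead: keep non-secret settings in config.json, write the secrets to a separate file created owner-only (mode 0600, O_EXCL so an existing file is never clobbered), and have the loader prefer the process environment, where a vault or secrets agent can inject values, over the file. The key names, the split between secret and public keys, and the `.clawback` directory layout are assumptions for illustration.

```python
"""Added example (not Clawback's own code): keep broker secrets out of the
plaintext config.json and enforce owner-only permissions on what is stored."""
import json
import os
import stat
import tempfile
from pathlib import Path

# Which settings count as secrets is an assumption made for this example.
SECRET_KEYS = {"BROKER_API_KEY", "BROKER_API_SECRET", "TELEGRAM_BOT_TOKEN"}


def write_config(config_dir: Path, settings: dict) -> tuple[Path, Path]:
    """Split settings into a non-secret config.json and an owner-only
    secrets.json. Returns (config_path, secrets_path)."""
    config_dir.mkdir(parents=True, exist_ok=True)
    config_dir.chmod(0o700)
    public = {k: v for k, v in settings.items() if k not in SECRET_KEYS}
    secret = {k: v for k, v in settings.items() if k in SECRET_KEYS}

    config_path = config_dir / "config.json"
    config_path.write_text(json.dumps(public, indent=2))

    secrets_path = config_dir / "secrets.json"
    # O_EXCL refuses to overwrite an existing file; the 0o600 mode applies at
    # creation, so there is no window in which the file is group/world readable.
    fd = os.open(secrets_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(secret, fh)
    return config_path, secrets_path


def load_secret(name: str, secrets_path: Path, env=None) -> str:
    """Prefer the process environment (e.g. injected by a vault agent); fall
    back to the secrets file only if it is not readable by group/others."""
    env = os.environ if env is None else env
    if name in env:
        return env[name]
    mode = stat.S_IMODE(secrets_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{secrets_path} is readable by others (mode {mode:o}); refusing to load"
        )
    return json.loads(secrets_path.read_text())[name]


def demo() -> dict:
    """Round-trip in a scratch directory and return the facts worth checking."""
    home = Path(tempfile.mkdtemp())
    cfg, sec = write_config(home / ".clawback", {
        "BROKER_API_KEY": "consumer-key",        # constructed values
        "BROKER_API_SECRET": "consumer-secret",
        "ACCOUNT_ID": "12345678",
        "sandbox": True,
    })
    out = {
        "config_has_secret": "consumer-secret" in cfg.read_text(),
        "secrets_mode": stat.S_IMODE(sec.stat().st_mode),
        "loaded": load_secret("BROKER_API_SECRET", sec, env={}),
    }
    # Simulate a file that was later made world-readable; the loader must refuse it.
    sec.chmod(0o644)
    try:
        load_secret("BROKER_API_SECRET", sec, env={})
        out["refused_loose_file"] = False
    except PermissionError:
        out["refused_loose_file"] = True
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The permission check is deliberately on the mode bits rather than on whether the current process can read the file, so a root or same-group process still notices that the secret has been exposed to other users.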
Persistence & Privilege
The project includes scripts to run as a daemon and to install cron jobs (scripts/setup_cron.sh, cron_manager, run_cron.sh). Running setup can create a venv, scheduled tasks, and long-running background processes that keep operating and can execute trades autonomously without further interaction. The skill is not force-included (always:false), but the package explicitly provides mechanisms for persistent background execution, so the user must consent explicitly and inspect the cron/daemon scripts before enabling them.
What to consider before installing
This repo appears to implement exactly what it claims (an automated E*TRADE trading bot that mirrors congressional disclosures), but there are several red flags you should address before installing:

- Review code and scripts first: inspect setup.sh, install.sh, scripts/setup_cron.sh, bin/clawback.py, and any auth helpers (complete_auth.py, scripts/auth_script.py) to understand exactly what will be run and what will be written to your system.
- Use a sandbox account: test only with E*TRADE sandbox credentials and a sandbox brokerage account before giving any production API keys or enabling real trades.
- Check where credentials are stored: the setup writes ~/.clawback/config.json and token files. If you must store secrets, consider encrypting them or storing them in a secure vault rather than in plaintext files.
- Watch for cron/daemon installation: the skill can add scheduled jobs or run background services. Only enable those if you trust the code and understand the scheduled behavior and its failure modes.
- Prefer manual runs until comfortable: run commands manually (inside an isolated virtualenv) and observe behavior before allowing automated/daemon operation.
- Ask for metadata fixes: the packaging/registry metadata is inconsistent (declared envs vs README/SKILL.md, and the presence of many code files). Consider asking the maintainer to clarify the required env vars, the install steps, and whether credentials are persisted and encrypted.

Given these inconsistencies and the power to execute trades and install persistent jobs, treat the skill as potentially risky until you (or someone you trust) have audited the code and tested it in a sandbox environment.
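Two of the findings above (env vars the code reads but the registry does not declare, and scripts that install cron jobs or daemons) can be checked mechanically before running any setup script. The following is an added example, not part of ClawHub or Clawback, of a small pre-install audit: it extracts environment-variable reads from the package's Python and shell files, compares them with the declared env set, and lists lines that install persistence. The sample package tree is constructed inline and is modelled on the file names mentioned in the review; the variable names used in it (including BROKER_ACCOUNT_ID) and the set of persistence markers are assumptions.

```python
"""Added example (not Clawback's own code): compare the environment variables a
skill's code actually reads against the ones its registry metadata declares,
and list the scripts that set up background execution."""
import json
import re
import tempfile
from pathlib import Path

# Env-var reads in Python and POSIX shell. The pattern set is an assumption;
# extend it for any other languages a package ships.
PY_PATTERNS = [
    re.compile(r"""os\.environ(?:\.get)?\s*[\[(]\s*['"]([A-Z][A-Z0-9_]*)['"]"""),
    re.compile(r"""os\.getenv\s*\(\s*['"]([A-Z][A-Z0-9_]*)['"]"""),
]
SH_PATTERNS = [re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})\}?")]  # $VAR or ${VAR}
SHELL_BUILTINS = {"HOME", "PATH", "PWD", "USER", "SHELL"}    # not skill config
# Tokens that indicate a script installs or runs something in the background.
PERSISTENCE_MARKERS = ("crontab", "systemctl", "launchctl", "nohup", "daemon")


def source_files(root: Path):
    """Yield the Python and shell files under root."""
    for path in root.rglob("*"):
        if path.suffix in (".py", ".sh") and path.is_file():
            yield path


def find_env_refs(root: Path) -> dict[str, set[str]]:
    """Map each environment variable name to the files that read it."""
    refs: dict[str, set[str]] = {}
    for path in source_files(root):
        text = path.read_text(errors="replace")
        patterns = PY_PATTERNS if path.suffix == ".py" else SH_PATTERNS
        for pat in patterns:
            for name in pat.findall(text):
                refs.setdefault(name, set()).add(str(path.relative_to(root)))
    return refs


def find_persistence(root: Path) -> dict[str, list[str]]:
    """Files containing a persistence marker, with the offending lines."""
    hits: dict[str, list[str]] = {}
    for path in source_files(root):
        for line in path.read_text(errors="replace").splitlines():
            if any(m in line.lower() for m in PERSISTENCE_MARKERS):
                hits.setdefault(str(path.relative_to(root)), []).append(line.strip())
    return hits


def audit(root: Path, declared_env: set[str]) -> dict:
    """Compare what the code uses with what the registry declares."""
    used = set(find_env_refs(root)) - SHELL_BUILTINS
    return {
        "undeclared_env": sorted(used - declared_env),
        "declared_but_unused": sorted(declared_env - used),
        "persistence": find_persistence(root),
    }


def build_sample_package() -> Path:
    """Constructed package tree (not the real repo) modelled on the review."""
    root = Path(tempfile.mkdtemp())
    (root / "clawback").mkdir()
    (root / "scripts").mkdir()
    (root / "clawback" / "broker.py").write_text(
        'import os\n'
        'KEY = os.environ["BROKER_API_KEY"]\n'
        'SECRET = os.environ.get("BROKER_API_SECRET")\n'
        'ACCOUNT = os.getenv("BROKER_ACCOUNT_ID")\n'   # assumed name
    )
    (root / "clawback" / "notify.py").write_text(
        'import os\nTOKEN = os.getenv("TELEGRAM_BOT_TOKEN")\n'
    )
    (root / "scripts" / "setup_cron.sh").write_text(
        '#!/bin/sh\n'
        '(crontab -l; echo "*/15 9-16 * * 1-5 $HOME/.clawback/venv/bin/clawback run") | crontab -\n'
    )
    return root


if __name__ == "__main__":
    # The registry on this page declares only primaryEnv=BROKER_API_KEY.
    print(json.dumps(audit(build_sample_package(), {"BROKER_API_KEY"}), indent=2))
```

Run it against the unpacked zip before `pip install -e .`; anything in `undeclared_env` is a question for the maintainer, and every file in `persistence` is one to read line by line before the setup script is allowed to execute it.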

Like a lobster shell, security has layers — review code before you run it.

latest: vk975kqtby9yr2mcb989qqw0q0581k07t


Runtime requirements

🦀 Clawdis
Bins: python3, pip
Primary env: BROKER_API_KEY
