Clawback
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
ClawBack is a disclosed trading bot, but it needs careful review because it can store broker credentials and automatically place real-money trades, including as a background service.
Install only if you intentionally want an automated brokerage trading bot. Start in sandbox mode, review and protect the credential file, set strict risk limits, avoid daemon mode until tested, and confirm how to stop the bot and revoke broker/API access.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misconfigured or invoked unexpectedly, the agent could place trades that affect the user's brokerage account and create real financial losses.
The skill exposes a command that starts automated trading and explicitly supports a production real-money mode; the visible instructions do not show a required per-order approval checkpoint.
| `/clawback run` | Start trading bot: Execute `{baseDir}/bin/clawback.py run` | ... Ask "Do you want to use **sandbox** (testing) or **production** (real money)?"
Use sandbox mode first, set conservative limits, and only enable production trading after reviewing the configuration and confirming how orders are approved or stopped.
Broker credentials can enable account access and trade placement; compromise or misuse could expose the account to unauthorized actions.
The skill collects and stores brokerage API credentials and an account identifier, giving it delegated authority over a financial account.
Ask the user for ... **Consumer Key** ... **Consumer Secret** ... **Account ID** ... Create/update `~/.clawback/config.json` ... `"apiKey": "<consumer_key>", "apiSecret": "<consumer_secret>"`
Use broker credentials with the narrowest available permissions, prefer sandbox credentials during testing, protect `~/.clawback/config.json`, and revoke/rotate credentials if no longer needed.
A background trading bot may continue acting after the initial command, potentially placing trades while the user is not actively watching.
The skill offers a background service mode for the same system that can execute broker trades, creating persistent autonomous activity.
| `/clawback daemon` | Run as background service: Execute `{baseDir}/bin/clawback.py daemon` |
Avoid daemon/background mode until fully tested, know how to stop it, and monitor logs, account activity, and any cron/service entries.
The skill will run local code from the package during setup and operation.
The setup flow runs local Python installation commands. This is expected for a Python CLI skill, but it means local package code is installed and later executed.
cd `{baseDir}` && python3 -m venv venv && source venv/bin/activate && pip install -e .
Install only from a source you trust, and review the package or run it in a contained environment if concerned.
Trade alerts or status messages could be visible wherever the configured Telegram bot/chat sends them.
The skill supports sending alerts through Telegram, which may reveal trading activity or bot status to an external messaging channel.
**Telegram Notifications** - Optional alerts via Telegram ... `TELEGRAM_BOT_TOKEN=your_bot_token` `TELEGRAM_CHAT_ID=your_chat_id`
Use a private Telegram chat, protect bot tokens, and verify what information is included in notifications before enabling them.
