Etrade Pelosi Bot
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed automated stock-trading bot, but it can persistently place broker trades using under-declared broker credentials, so it needs careful review before installation.
Review this as live financial automation, not a simple information skill. Only test with sandbox or dry-run settings first, verify the code source and dependencies, confirm the cron jobs it installs, protect broker tokens, and do not provide live brokerage credentials unless you are comfortable with automated trades and possible financial losses.
VirusTotal
57/57 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled with live broker credentials, the bot may buy or sell securities and could lose money or create unwanted positions.
The skill is intended to place broker orders automatically. That is purpose-aligned, but it is a high-impact action involving real financial account mutations and the artifacts do not show a required per-trade approval gate once automation is enabled.
- **Automated trade execution** via broker API (E*TRADE adapter included)
Use sandbox/dry-run first, require manual confirmation before live orders if possible, cap position sizes, and verify every risk-management setting before granting live trading credentials.
Installing users may not realize from the registry metadata that the skill needs credentials capable of accessing and trading in their brokerage account.
The skill requires broker credentials and an account ID, but the registry metadata says there are no required env vars and no primary credential. This under-declares high-privilege brokerage access.
config:
- BROKER_API_KEY
- BROKER_API_SECRET
- BROKER_ACCOUNT_ID
Registry metadata should explicitly declare the broker credential requirement and scope. Users should create least-privilege/sandbox credentials where available and avoid granting live trading access until fully reviewed.
Anyone or anything with access to the project directory may be able to reuse broker session tokens, depending on the broker’s token behavior.
The OAuth access token and secret are written to a local project file. This is expected for broker automation, but the artifact does not show file permission hardening, encryption, or token-scope limits.
with open('.access_tokens.json', 'w') as f:
    json.dump(tokens, f)
Store tokens in a secure credential store or restrict file permissions, document token handling clearly, and revoke broker tokens if the project directory is shared or compromised.
After setup, trades may continue on future weekdays without the user actively launching each run.
The bot is designed to keep running on a schedule. Persistence is disclosed and purpose-aligned, but here it is paired with live financial trading authority.
Runs on cron schedule (9 AM weekdays)
Confirm exactly what cron entries are installed, know how to disable them, and keep the bot in dry-run/sandbox mode until live automation is explicitly desired.
A user following the setup instructions may run code or dependencies whose exact provenance is not fully captured by the registry metadata.
The setup path pulls code and dependencies from an external repository, while the registry listing has no install spec and source is shown as unknown. This is not malicious by itself, but users should verify provenance before running trading software.
git clone https://github.com/openclaw/clawback
cd clawback
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt
Verify the repository, review dependency pins/lockfiles, and install in an isolated environment before connecting broker credentials.
Trade alerts could reveal sensitive financial activity through Telegram if the bot token, chat, or device is exposed.
Telegram alerts are disclosed and purpose-aligned, but they may transmit trading activity details to an external messaging service.
Sends Telegram notifications for all activities
Enable Telegram only if needed, use a private chat, protect the bot token, and avoid sending account balances or other highly sensitive details in notifications.
