eToro Apps

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent eToro API skill, but it can use financial account credentials to place real trades and the visible artifacts do not clearly declare or constrain that high-impact authority.

Review carefully before installing. Only use this with demo or read-only eToro credentials unless you intentionally want the agent to trade real money, and require manual confirmation for every live order.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If granted write-capable eToro credentials, an agent could place real trades that affect the user's money.

Why it was flagged

The skill explicitly enables live financial trade execution. The visible instructions do not require explicit user approval, limits, or a confirmation workflow before using non-demo trading endpoints.

Skill content

This skill allows interacting with the user's eToro account programmatically, including executing trades. ... Use **non-demo execution endpoints** for real trading.

Recommendation

Use demo or read-only credentials by default. Require explicit user confirmation for every live trade, including instrument, buy/sell direction, amount, leverage, stop-loss/take-profit settings, and environment.

What this means

A write-enabled real-portfolio key or OAuth token could let the agent act with the user's trading authority.

Why it was flagged

The skill asks for account-level eToro credentials that may include write access to a real portfolio, while the provided requirements list no primary credential or required environment variables.

Skill content

Keys (request from the user on install) ... User Key: user account ... Environment: Real Portfolio or Virtual Portfolio (real/demo) ... Permissions (Read or Write).

Recommendation

Declare the credential requirements clearly, prefer read-only or virtual-portfolio keys, store credentials only in a secure credential manager, and revoke keys when no longer needed.