ClawHub

test

v1.0.0

Create and manage AI-powered trading bots via natural language. Paper & live trading, portfolio monitoring, backtesting, stock quotes, and options chains.

1· 1.7k·1 current·1 all-time
by@naiiif83·duplicate of @etbars/vibetrader
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI trading bots) match the declared requirement: a single VIBETRADER_API_KEY. The skill's features (bot creation, portfolio, quotes, backtesting) are consistent with a trading-provider integration.
Instruction Scope
SKILL.md's runtime instructions are scoped to trading tasks and configuring the VIBETRADER_API_KEY. It points the agent to an external MCP server (https://vibetrader-mcp-289016366682.us-central1.run.app/mcp) — expected for a managed service but important to note because runtime data (trade commands, account queries) will flow there. The doc does not direct reading unrelated files or other env vars.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. Low install risk.
Credentials
Only one required env var (VIBETRADER_API_KEY) is declared and used in instructions. Storing the API key in ~/.openclaw/openclaw.json is suggested (normal for OpenClaw), but it's worth noting that this writes a long-lived credential to a local config file.
Persistence & Privilege
always:false and no special system-wide privileges requested. The skill can be invoked autonomously (platform default); because it can place trades when given an API key, autonomous invocation increases risk if you enable live mode. Consider limiting autonomy or keeping the skill in paper mode until you trust it.
Assessment
This skill appears internally consistent for providing trading-bot functionality and only requests one API key (VIBETRADER_API_KEY). Before installing: 1) Verify you trust the external service and its MCP server URL (the skill sends commands/data there). 2) Keep the key scope-limited if possible and store it securely; the README suggests adding it to ~/.openclaw/openclaw.json which creates a persistent credential on disk. 3) Start in paper-trading mode and monitor actions closely before enabling live trading. 4) If you plan to allow autonomous actions, be aware the agent could execute trades using the provided API key — you may prefer to require explicit confirmation for trade-executing commands. If you want further assurance, ask the publisher for documentation on how brokerage credentials are handled (e.g., whether Alpaca credentials are kept only on the Vibetrader site and not stored by the skill).

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwmz3c1epw9tvj245jkna8x8093ed

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvVIBETRADER_API_KEY

Comments