trading212 Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed Trading212 portfolio/trading helper, but it handles real brokerage credentials, can place orders when invoked, and stores portfolio snapshots locally.
Before installing, confirm you trust the skill with Trading212 API access, keep TRADING212_DEMO=true unless you intend to trade live, never approve an order without checking the details, and protect or periodically remove the local snapshot files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with live credentials and live mode enabled, the skill can place real buy or sell orders in the user's brokerage account.
The skill exposes an execute_trade mode for financial orders, but the artifact also clearly instructs the agent to obtain confirmation and warn about live trading.
**CRITICAL SAFETY RULES**: 1. NEVER execute a trade without explicit user confirmation. ... If `TRADING212_DEMO=false`, warn the user clearly that this is a REAL order with real money.
Keep demo mode enabled unless intentionally trading live, verify the exact symbol, side, quantity, and order type, and only approve trades you explicitly requested.
Compromised or over-permissive API credentials could expose portfolio data or allow account actions depending on the Trading212 key permissions.
The skill requires brokerage API credentials, which is expected for Trading212 account access but grants sensitive authority.
Required env vars: TRADING212_API_KEY, TRADING212_API_SECRET; Primary credential: TRADING212_API_KEY
Use the least-privileged Trading212 API key available, store it securely, and revoke or rotate it if you stop using the skill.
Anyone with access to the snapshot directory may be able to see historical financial holdings and portfolio values.
The skill persists portfolio snapshots, including positions, cash, and total value, to local JSON files for later performance comparisons.
_DEFAULT_DIR = Path(__file__).resolve().parents[3] / "snapshots" ... json.dump(snapshot, fh, indent=2, ensure_ascii=False)
Store snapshots in a private directory, set TRADING212_SNAPSHOT_DIR if needed, and delete old snapshots if you do not want local financial history retained.
Dependency behavior can change over time if newer package versions are installed.
The skill depends on common PyPI packages using lower-bound version ranges, so future installs may resolve to newer package versions.
requests>=2.31.0 python-dotenv>=1.0.0 pyyaml>=6.0.1
Install in an isolated virtual environment and consider pinning or reviewing resolved dependency versions before use.