Trade History
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is narrowly aimed at reading a local trade log, but users should know it runs a referenced Python script that was not included in the reviewed files and displays private trade records.
Install only if you expect a local trades.jsonl file to be read and displayed. Verify the referenced read.py helper before running it, because it was not included in the reviewed package, and treat the trade-history output as private financial information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent builds this command carelessly from unusual user input, the shell command could be malformed or behave unexpectedly.
The skill passes optional user-facing filter values through a bash command. This is expected for the skill, but the artifacts do not show argument validation or a safer non-shell invocation method.
Run with JSON args to filter or limit results:
python3 ~/.npm-global/lib/node_modules/openclaw/skills/trade-history/read.py '{"limit": 10, "symbol": "BTCUSDT"}'Use only normal trading symbols and numeric limits, and prefer an implementation that passes arguments without shell interpolation or validates symbol and limit values.
The reviewed artifact does not show what read.py actually does, so users cannot verify the runtime behavior from this package alone.
The workflow depends on a helper script, but the provided manifest says the skill has only SKILL.md and no code files, so the referenced helper was not available for review.
Step 1 — Run the read script via bash tool: python3 ~/.npm-global/lib/node_modules/openclaw/skills/trade-history/read.py
Before using the skill, confirm that the referenced read.py exists, comes from a trusted source, and only reads the intended trade log.
A user asking for trade history may expose private trading details in the conversation.
The skill reads and displays persistent local trade records, which may reveal trading activity, strategy notes, and performance information.
Read and display recorded trade events from the local trades.jsonl log file... Show each trade: symbol, side, entry, sl, tp, note, timestamp
Use this skill only in trusted chats, and avoid sharing outputs that contain sensitive strategy notes or account activity.