Skill v0.1.0

ClawScan security

Storyclaw Alpaca Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 14, 2026, 3:36 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill implements Alpaca trading functionality that matches its description, but there are configuration inconsistencies and operational risks (ability to place market orders, an 'all‑in' aggressive strategy, and mismatches between declared env vars and how the code loads credentials) that warrant caution before installing or using it with real keys.
Guidance
This skill is capable of placing real market orders via Alpaca and includes an aggressive, all‑in strategy. Before installing: (1) only supply paper-trading API keys and test thoroughly in paper mode, (2) inspect or remove aggressive-strategy.js if you don't want automated 'buy max' behavior, (3) verify where the code is loading credentials (credentials/{USER_ID}.json vs config.json vs env vars) so you don't accidentally expose or use live keys, (4) do not allow autonomous agent invocation to run trades without an explicit, human confirmation step, and (5) run the code in a sandboxed environment first. If you want to proceed, test each command manually with paper keys and confirm the bot never runs unattended.

Review Dimensions

Purpose & Capability
Note: Name/description (Alpaca trading) match the included Node scripts which call Alpaca APIs. Requested binary 'node' is appropriate. However, the metadata and SKILL.md declare ALPACA_API_KEY/ALPACA_API_SECRET env vars, while the code primarily loads per-user credentials from credentials/{USER_ID}.json (config-loader) and momentum-strategy even reads a repo-level config.json; this is inconsistent and may cause accidental use of the wrong credential source.
Instruction Scope
Concern: SKILL.md instructs the agent to always ask and require explicit confirmation before executing trades, but the scripts themselves (trading.js, momentum-strategy.js, aggressive-strategy.js) will submit market orders when invoked. The instruction set relies on human-in-the-loop behavior but does not enforce it programmatically. Commands and examples reference USER_ID / TELEGRAM_USER_ID; config-loader requires USER_ID or TELEGRAM_USER_ID environment variables. This coupling may be surprising and could lead to running with unintended credentials or without explicit confirmation.
Install Mechanism
OK: No install spec or external downloads are declared (instruction-only plus included source files). No suspicious external URLs or extract operations. The highest-risk install patterns are not present.
Credentials
Concern: The skill declares ALPACA_API_KEY and ALPACA_API_SECRET (appropriate for Alpaca), but the code mainly expects per-user credential files (credentials/{USER_ID}.json) and momentum-strategy reads config.json from the repo root. This mismatch can lead to confusion about where to place secrets and increases the chance of accidentally exposing or using the wrong API keys. The number of secrets requested is minimal and appropriate for trading, but the credential-loading behavior is inconsistent and could cause accidental use of live trading credentials.
Persistence & Privilege
Note: always:false (good). disable-model-invocation:false (default) allows the agent to call the skill autonomously; combined with the skill's ability to place market orders, that expands blast radius. This is not a platform misconfiguration by itself, but you should treat the skill as capable of performing impactful actions if the agent is allowed to invoke it without manual confirmation.