InvestorClaw
Pass. Audited by ClawScan on May 6, 2026.
Overview
InvestorClaw appears to be a coherent portfolio-analysis service, but it runs a local Docker service and handles sensitive financial summaries and optional API keys.
Install if you are comfortable running a local Docker-based portfolio service. Before use, confirm the image/source, keep ports 18090 and 18092 local, understand that computed portfolio summaries may go to configured LLM providers, add only necessary API keys, and delete reports/volumes if you want to remove stored financial data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may start a background local service during setup and keep it running until the user stops it.
Installing or completing setup can start a Docker Compose service, pull a large container image, and open local ports. This is central to the skill and disclosed, but it is more than a passive instruction-only skill.
the agent may proceed to `mkdir -p portfolios && docker compose up -d` ... `docker pull` of `~600 MB` ... binds two TCP listeners to localhost
Review the Docker side effects before installing, keep the ports bound to localhost, and use `docker compose down` or `docker compose down -v` when you want to stop the service or remove persisted state.
Your portfolio files and optional provider keys are processed by the container image named in the skill.
The runtime depends on an external OCI image from GHCR. That is disclosed and purpose-aligned, but the main engine image is outside the visible skill text and should be trusted before giving it portfolio files or keys.
metadata: {"image":"ghcr.io/argonautsystems/ic-engine:4.1.36-cpu","mcp-endpoint":"http://localhost:18090/mcp"}
Install only from the expected ClawHub/GitHub source, prefer digest-pinned compose files where available, and verify the image/version before use.
A local process or browser able to reach the localhost service could interact with portfolio tools if the service is running.
The service exposes local REST/MCP endpoints, including endpoints that can set keys, refresh data, upload files, and delete stored responses. The documented binding is localhost, which is appropriate, but users should not expose these ports broadly.
All 13 tools also have plain-HTTP REST endpoints at `http://127.0.0.1:18090/api/portfolio/*` ... `POST /api/portfolio/keys_set`
Keep the service on localhost, do not port-forward it to untrusted networks, and confirm user intent before using mutating endpoints such as key changes, uploads, refresh/regenerate, or deletes.
Compromise of the local Docker volume or service could expose or misuse market-data or LLM provider credentials.
The skill can store provider credentials for LLM and market-data services. This is expected for the integrations and is described as allowlisted/local, but the keys are still sensitive.
API keys the user sets via `portfolio_keys_set` or by editing `portfolios/keys.env` are persisted to `/data/keys.env` (mode 0600) inside the named Docker volume.
Only add keys you need, use least-privileged/free-tier keys where possible, rotate keys periodically, and delete keys through the dashboard/tool if you stop using a provider.
Third-party providers may learn sensitive information such as holdings tickers, allocation summaries, performance metrics, and user questions.
The privacy policy discloses external provider flows: narrative providers may receive the user's question and computed portfolio envelope, while market/news providers may receive holdings tickers and date ranges.
the narrator sends the user's question and the signed envelope to `https://api.together.xyz/v1` ... Market-data providers see the ticker symbols the user is asking about
If privacy is critical, avoid cloud LLM keys, point the narrative endpoint to a local model, review the generated envelope/reports before asking, and understand each provider's retention policy.
Old reports, cached responses, and stored envelopes may reveal portfolio details after the original analysis session ends.
The service stores derived portfolio outputs and caches locally for auditability and speed. This is disclosed and useful, but those stored summaries remain sensitive financial records.
Computed summaries and signed JSON envelopes are written to the bind-mounted `./reports/` directory ... Cache of recent pipeline runs lives in the `ic-engine-data` Docker volume
Treat the reports directory and Docker volume as private data, delete stored responses/reports when no longer needed, and remove the volume if uninstalling.
