Sim Trading MVP
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent simulated-trading skill, but users should notice its optional recurring cron automation, local persistent trading logs/preferences, and possible Finnhub API key use.
Before installing, decide whether you want cron automation, verify the project file paths, keep any Finnhub key in private local configuration, and remember this is for simulated trading rather than real brokerage execution.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user enables automation, the agent may keep making simulated trading decisions and updating local logs on a schedule.
The skill documents recurring scheduled agent jobs that can continue running after setup.
Use four jobs on US trading days (`America/New_York`): ... `pre_or_open` ... `intraday` ... `near_close` ... `postmarket_sync`
Only enable cron if you want recurring automation; inspect existing jobs first and remove or update them when you no longer want the workflow.
Local project files may contain trading preferences, temperament/style notes, positions, watchlists, and historical decisions that influence later agent behavior.
The skill stores personalized trading style and user preference context for reuse across sessions.
write the resulting style into the local project/account files
Keep the project directory private, review stored account/style files periodically, and edit or delete stale preferences if they should not guide future decisions.
A market-data API key may be used by the local runtime for quotes and benchmarks.
The workflow may need a Finnhub market-data credential, though it instructs users to keep the key outside public skill files.
Store API keys outside the skill itself, for example in a local project `.env` or another secret-bearing runtime configuration.
Use a least-privilege market-data key, store it only in private local configuration, and do not paste it into reports, logs, SKILL.md, or shared repositories.
Users have less context for verifying the publisher, history, or upstream maintenance of the skill.
The registry metadata does not provide an upstream source or homepage for independent provenance review.
Source: unknown; Homepage: none
Review the included files before use and prefer a known source or publisher if provenance is important for your environment.