Sim Trading MVP
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: sim-trading-mvp Version: 0.2.1 The skill implements a comprehensive paper-trading simulator with clear instructions for the AI agent to maintain a model portfolio. It includes a Python script (scripts/update_account.py) for calculating account equity and return percentages, and provides templates for cron-based automation (references/cron-setup.md) and reporting. The instructions in SKILL.md emphasize data integrity, explicitly forbid the fabrication of market data, and provide sound security advice regarding the handling of API keys (e.g., using .env files instead of hardcoding). All high-risk capabilities, such as file I/O and scheduled tasks, are directly aligned with the stated purpose of a persistent, automated trading simulation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user enables automation, the agent may keep making simulated trading decisions and updating local logs on a schedule.
The skill documents recurring scheduled agent jobs that can continue running after setup.
Use four jobs on US trading days (`America/New_York`): ... `pre_or_open` ... `intraday` ... `near_close` ... `postmarket_sync`
Only enable cron if you want recurring automation; inspect existing jobs first and remove or update them when you no longer want the workflow.
Local project files may contain trading preferences, temperament/style notes, positions, watchlists, and historical decisions that influence later agent behavior.
The skill stores personalized trading style and user preference context for reuse across sessions.
write the resulting style into the local project/account files
Keep the project directory private, review stored account/style files periodically, and edit or delete stale preferences if they should not guide future decisions.
A market-data API key may be used by the local runtime for quotes and benchmarks.
The workflow may need a Finnhub market-data credential, though it instructs users to keep the key outside public skill files.
Store API keys outside the skill itself, for example in a local project `.env` or another secret-bearing runtime configuration.
Use a least-privilege market-data key, store it only in private local configuration, and do not paste it into reports, logs, SKILL.md, or shared repositories.
Users have less context for verifying the publisher, history, or upstream maintenance of the skill.
The registry metadata does not provide an upstream source or homepage for independent provenance review.
Source: unknown; Homepage: none
Review the included files before use and prefer a known source or publisher if provenance is important for your environment.