Claw Portfolio
v1.0.2
Track stock and crypto portfolios with CLI - real-time prices, P&L, dividend tracking, multiple portfolios
by Richard Soutar (@rsoutar)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (portfolio tracker with CLI + optional web UI) match the provided files and runtime commands. The code implements CLI commands and an optional Next.js web UI, uses Yahoo Finance and CoinGecko for prices/dividends, and stores data locally in data/portfolio.json. The presence of Next.js/React in package.json is justified by the optional web UI documented in SKILL.md.
Instruction Scope
SKILL.md instructs only to run npm install, optionally npm link, and to invoke the CLI via npx tsx portfolio.ts. The instructions and code operate on local paths (data/portfolio.json) and call only public price/dividend APIs. There are no instructions to read unrelated system files, environment variables, or to exfiltrate data to unexpected endpoints.
Install Mechanism
There is no custom install spec (instruction-only), so installation is the normal npm install of the bundled project. That will pull a substantial dependency tree (Next.js, React, tsx, many packages) which is expected given the included web UI, but is heavier than a minimal CLI-only tool. No downloads from arbitrary URLs or extract steps are present.
Credentials
The skill declares no required environment variables or credentials and the code does not attempt to access any secrets or unrelated config paths. It does make outbound requests to public APIs (Yahoo Finance and CoinGecko) which is reasonable for price/dividend data and proportional to its purpose.
Persistence & Privilege
The skill does persist its own data to data/portfolio.json within the project directory. It does not request always:true, does not modify other skills or system settings, and does not request elevated privileges. Optional npm link (global CLI) is user-controlled and documented.
Assessment
This skill appears coherent and implements the described portfolio CLI + optional web UI. Before installing: (1) be aware npm install will pull a large dependency tree (Next.js, React, etc.) — if you only need the CLI you can review package.json and remove the web UI deps or run the script with a minimal environment; (2) the tool stores data locally at data/portfolio.json in the project directory — back it up if needed and don't run the project from a directory with sensitive files; (3) it makes outbound calls to public APIs (Yahoo Finance, CoinGecko) to fetch prices/dividends, so expect network traffic; (4) if you want least risk, inspect the repository locally or run it in a container/isolated environment before linking globally. No credentials are requested by the skill.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💰 Clawdis
