ClawHub

local-portfolio-auditor

v1.0.0

Audits cryptocurrency addresses and stock tickers from a local file, providing current values using public APIs without storing private keys.

0· 343·0 current·0 all-time
bySahil Bhonde@sahil1005
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the implementation: main.py reads a local portfolio.json and queries CoinGecko and (optionally) Etherscan for read-only data. There are no unrelated binaries, credentials, or system paths requested.
Instruction Scope
SKILL.md instructs the agent to run python3 main.py which only reads a local portfolio.json and makes outbound HTTP requests to public APIs. The instructions do not direct the agent to read unrelated files, exfiltrate data to arbitrary endpoints, or perform write operations. Network calls are limited to CoinGecko, Etherscan, and an AlphaVantage placeholder.
Install Mechanism
No install spec is provided; this is an instruction-only skill with a small requirements.txt (requests). Nothing is downloaded from untrusted URLs and no archives are extracted.
Credentials
The manifest lists no required environment variables. main.py optionally reads ETHERSCAN_API_KEY (used only if set) and the README suggests an AlphaVantage API key for stock data; AlphaVantage is not actually read by main.py (it uses a dummy stock price). The optional ETHERSCAN_API_KEY is proportionate for address balance lookups; do not provide private keys.
Persistence & Privilege
always is false and the skill does not modify other skills or agent-wide configuration. It has no elevated persistence or privileges.
Assessment
This skill appears to do what it says: read a local portfolio.json and call public APIs for prices/balances. Before installing, review and edit portfolio.json locally (do not put private keys or secrets there). If you want accurate stock prices, integrate a trusted stock API and supply its API key via environment variables; main.py currently uses a dummy stock price and only optionally uses ETHERSCAN_API_KEY for ETH balances. Consider running it in an isolated environment (or container) if you are nervous about network calls, and verify any added dependencies before installing.

Like a lobster shell, security has layers — review code before you run it.

auditvk97atmhdx2xjbk8x96j77r8dmx81p9qzcryptovk97atmhdx2xjbk8x96j77r8dmx81p9qzfinancevk97atmhdx2xjbk8x96j77r8dmx81p9qzlatestvk97atmhdx2xjbk8x96j77r8dmx81p9qzportfoliovk97atmhdx2xjbk8x96j77r8dmx81p9qzprivacyvk97atmhdx2xjbk8x96j77r8dmx81p9qzstocksvk97atmhdx2xjbk8x96j77r8dmx81p9qz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

SKILL.md

name: Local Portfolio Auditor slug: local-portfolio-auditor summary: Monitors cryptocurrency addresses and stock tickers from a local file using public APIs. description: |- This skill provides a privacy-focused way to audit your financial portfolio. It reads a list of cryptocurrency addresses and stock symbols from a local configuration file (e.g., portfolio.json) and fetches their current values using public, read-only APIs. No private keys are ever requested or stored, ensuring maximum security. The skill then presents a summary of your holdings. author: Manus AI version: 0.1.0 trigger:

  • "audit my portfolio"
  • "check my crypto holdings"
  • "what's my stock value" commands:
  • name: audit description: Audits the user's portfolio based on the local configuration file. usage: "audit" script: python3 main.py

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…