public-dot-com
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed too freely, an agent could place financially significant trades based on an automated strategy or misinterpreted signal.
The included playbook shows automated workflows that can place live options orders. For a brokerage account, this is high-impact and the shown examples do not include a required human confirmation or risk limit gate.
Example library for high-volume options traders ... event-driven workflows can be automated ... return client.place_order(req)
Require explicit user confirmation before every live order, show preflight results, and enforce quantity/notional/daily-loss limits or a paper/test account mode.
An agent mistake or ambiguous user request could cancel an active order in the brokerage account.
The script directly sends an order-cancellation request once invoked with arguments; the code shown does not prompt for a final review or confirmation.
client.cancel_order(order_id=order_id, account_id=account_id)
Before canceling, fetch and display the target order details and require an explicit confirmation from the user.
Once configured, the agent can access brokerage account information and potentially perform account-mutating actions using the user's API secret.
The skill requires a brokerage API secret and account identifier. This is expected for the integration, but it grants sensitive account authority and is under-declared in the registry requirements, which list no required env vars or primary credential.
env: ['PUBLIC_COM_SECRET', 'PUBLIC_COM_ACCOUNT_ID'] ... Public.com API key ... PUBLIC_COM_SECRET (required)
Declare the credential and trading capability in registry metadata, prefer least-privilege or read-only keys where possible, and use a revocable/test account for evaluation.
First use may install third-party package code into the environment.
The scripts auto-install a dependency at runtime if it is missing. This is disclosed in SKILL.md and pinned in the scripts, but it still downloads and runs package code on first use.
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
Install dependencies through a reviewed install spec or lockfile, and only use the package from a trusted source.