public-dot-com
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: claw-skill-public-dot-com Version: 0.1.5 The skill bundle appears benign. All Python scripts are designed to interact with the Public.com API using a dedicated SDK, handling sensitive information (API secret, account ID) through OpenClaw's secure configuration mechanism or environment variables. Dependency installation via `pip install publicdotcom-py` is a standard practice for OpenClaw skills. The `SKILL.md` and `options-automation-library.md` files provide instructions and examples solely focused on financial trading strategies, without any evidence of prompt injection attempts to subvert the agent's behavior for malicious purposes like data exfiltration, unauthorized execution, or persistence. All user inputs are handled safely via `argparse` in the Python scripts, preventing shell injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed too freely, an agent could place financially significant trades based on an automated strategy or misinterpreted signal.
The included playbook shows automated workflows that can place live options orders. For a brokerage account, this is high-impact and the shown examples do not include a required human confirmation or risk limit gate.
Example library for high-volume options traders ... event-driven workflows can be automated ... return client.place_order(req)
Require explicit user confirmation before every live order, show preflight results, and enforce quantity/notional/daily-loss limits or a paper/test account mode.
An agent mistake or ambiguous user request could cancel an active order in the brokerage account.
The script directly sends an order-cancellation request once invoked with arguments; the code shown does not prompt for a final review or confirmation.
client.cancel_order(order_id=order_id, account_id=account_id)
Before canceling, fetch and display the target order details and require an explicit confirmation from the user.
Once configured, the agent can access brokerage account information and potentially perform account-mutating actions using the user's API secret.
The skill requires a brokerage API secret and account identifier. This is expected for the integration, but it grants sensitive account authority and is under-declared in the registry requirements, which list no required env vars or primary credential.
env: ['PUBLIC_COM_SECRET', 'PUBLIC_COM_ACCOUNT_ID'] ... Public.com API key ... PUBLIC_COM_SECRET (required)
Declare the credential and trading capability in registry metadata, prefer least-privilege or read-only keys where possible, and use a revocable/test account for evaluation.
First use may install third-party package code into the environment.
The scripts auto-install a dependency at runtime if it is missing. This is disclosed in SKILL.md and pinned in the scripts, but it still downloads and runs package code on first use.
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
Install dependencies through a reviewed install spec or lockfile, and only use the package from a trusted source.