Position Tracker

Pass. Audited by ClawScan on May 10, 2026.

Overview

Position Tracker appears purpose-aligned, but it is designed to be connected to broker, exchange, or cloud accounts that carry real authority, and its optional auto-reconciliation can close or correct external positions.

This looks like a legitimate state-tracking library rather than malicious behavior. Before installing or using it with real accounts, verify the package source, test with read-only or sandbox credentials, keep automatic closing disabled until you trust the workflow, and protect the local state file.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing from the registry could execute code from a package that differs from the reviewed artifact if the user does not verify what was actually fetched.

Why it was flagged

The skill recommends installing a package from a package registry or copying the included local file. This is user-directed and normal for a Python library, but the install command is not pinned to a version or checksum.

Skill content
pip install position-tracker
# OR copy position_tracker.py to your project
Recommendation

Prefer the reviewed, included `position_tracker.py` file, or install a package version that is pinned by version and hash and comes from a trusted source.

What this means

If enabled against the wrong account, or acting on a false detection, the tracker could close or cancel real positions or resources, causing financial loss or service disruption.

Why it was flagged

The library exposes an optional path that can close external positions through the user's adapter. This is disclosed and default-off, but it is high-impact if used with real broker, exchange, cloud, or subscription accounts.

Skill content
`cleanup_orphans(orphans, auto_close=False)` ... `auto_close` (bool): If True, close orphans via API adapter
Recommendation

Keep `auto_close` disabled until tested, require human approval for real closures, and scope adapters to only the intended account/resources.

What this means

A broadly privileged API client could let reconciliation actions affect more positions or resources than intended.

Why it was flagged

The integration pattern expects a user-provided broker/exchange client with authority to read and close positions. The skill does not capture or store credentials itself, but the permissions delegated to that client can be powerful.

Skill content
return self.broker_client.get_positions() ... return self.broker_client.close(position_id)
Recommendation

Use least-privilege API keys, read-only credentials for detection-only mode, and separate credentials for any close/cancel authority.

Note (High Confidence)
ASI08: Cascading Failures
What this means

A temporary API inconsistency or race could lead to incorrect cleanup or closure attempts.

Why it was flagged

The documentation acknowledges race conditions during reconciliation. If automatic corrective actions are enabled, a stale or false orphan/phantom detection could propagate into real cleanup actions.

Skill content
External state can change between ... Fetching positions from API ... Taking corrective action ... Workarounds: Verify before cleanup ... Disable auto-reconcile
Recommendation

Use manual review or a two-step detect-then-verify workflow for production accounts, especially for financial or cloud resources.
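The recommendations of the last three findings (keep `auto_close` off until trusted, separate read-only detection credentials from close authority and scope the latter to one account, and re-verify a detection against a fresh fetch before acting) in working Python. This is an added example written for this review, not code from position-tracker. It assumes only what the quoted snippets show about the adapter: `get_positions()` and `close(position_id)`. The `FakeBroker`, the position layout (dicts with `id` and `account`), the definition of an orphan (open at the broker but unknown to the local tracker), and the adapter and function names are constructed for illustration.

```python
"""Guarded reconciliation for a position tracker (example code for this review, not the
library's own). Assumed from the quoted snippets: the client exposes get_positions() and
close(position_id). Assumed here: positions are dicts with "id" and "account", and an
orphan is a position open at the broker that the local tracker does not know about."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class FakeBroker:
    """Constructed stand-in for a broker API. Positions in `closes_between_fetches`
    disappear on the second get_positions() call, simulating external state changing
    between detection and verification (the race the documentation warns about)."""
    open_positions: dict
    closes_between_fetches: set = field(default_factory=set)
    closed_by_us: list = field(default_factory=list)
    fetches: int = 0

    def get_positions(self):
        self.fetches += 1
        if self.fetches == 2:
            for pid in self.closes_between_fetches:
                self.open_positions.pop(pid, None)
        return [dict(p) for p in self.open_positions.values()]

    def close(self, position_id):
        if position_id not in self.open_positions:
            raise KeyError(f"no open position {position_id}")
        self.closed_by_us.append(position_id)
        del self.open_positions[position_id]


class ReadOnlyAdapter:
    """Detection-only credential. In production wrap a client built from a read-only
    API key; close() is deliberately absent so a misconfigured caller fails loudly."""
    def __init__(self, client):
        self._client = client

    def get_positions(self):
        return self._client.get_positions()


class ScopedCloseAdapter:
    """Separate close authority: refuses positions outside the allowed accounts and
    requires an approval callback (a human prompt in production) for each closure."""
    def __init__(self, client, allowed_accounts: set, approve: Callable[[dict], bool]):
        self._client = client
        self.allowed_accounts = allowed_accounts
        self.approve = approve

    def close_position(self, position: dict) -> str:
        if position.get("account") not in self.allowed_accounts:
            return "skipped: account out of scope"
        if not self.approve(position):
            return "skipped: not approved"
        self._client.close(position["id"])
        return "closed"


def detect_orphans(reader, tracked_ids: set) -> list:
    return [p for p in reader.get_positions() if p["id"] not in tracked_ids]


def reconcile(reader, closer, tracked_ids: set, auto_close: bool = False) -> dict:
    """Detect-then-verify: candidates from one fetch are re-checked against a second,
    fresh fetch before anything is closed. Returns what happened to each verified orphan."""
    candidates = detect_orphans(reader, tracked_ids)
    live = {p["id"]: p for p in reader.get_positions()}  # verification fetch
    verified = [live[p["id"]] for p in candidates if p["id"] in live]
    outcome = {}
    for p in verified:
        if not auto_close or closer is None:
            outcome[p["id"]] = "reported only (auto_close disabled)"
        else:
            outcome[p["id"]] = closer.close_position(p)
    return {"candidates": [p["id"] for p in candidates],
            "verified": [p["id"] for p in verified],
            "outcome": outcome}


def demo(auto_close: bool) -> dict:
    """Constructed scenario: A is tracked; B, C, D, E are not. C closes externally between
    the two fetches, D belongs to another account, E is denied by the approver."""
    broker = FakeBroker(
        open_positions={pid: {"id": pid, "account": acct} for pid, acct in
                        [("A", "paper-01"), ("B", "paper-01"), ("C", "paper-01"),
                         ("D", "live-99"), ("E", "paper-01")]},
        closes_between_fetches={"C"},
    )
    closer = ScopedCloseAdapter(broker, {"paper-01"}, approve=lambda p: p["id"] != "E")
    result = reconcile(ReadOnlyAdapter(broker), closer, tracked_ids={"A"}, auto_close=auto_close)
    result["broker_closed"] = list(broker.closed_by_us)
    return result


if __name__ == "__main__":
    print(demo(auto_close=False))
    print(demo(auto_close=True))
```

With `auto_close=False` the run reports B, D and E and closes nothing; C is dropped at the verification step because it vanished between fetches, which is exactly the stale detection that would otherwise turn into a failed or wrong close call. With `auto_close=True` only B is closed: D is outside the scoped account and E is refused by the approver. In real use the two adapters should be built from two different API keys, so that detection-only mode physically cannot close anything.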

What this means

The state file may contain sensitive position/resource metadata, and local tampering could influence future reconciliation decisions.

Why it was flagged

The tracker stores position state and user-defined metadata in a persistent local JSON file and reloads it on startup.

Skill content
self.state_file = os.path.join(state_dir, state_file) ... json.dump(data, f, indent=2) ... os.replace(tmp, self.state_file)
Recommendation

Store the state directory in a protected location with restrictive permissions, avoid putting secrets in metadata, and consider backups or integrity checks for production use so a tampered file cannot silently drive the next reconciliation.
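A tamper-evident version of the state-file pattern quoted above, as an added example for this review rather than code from position-tracker. It keeps the library's write-to-temp then `os.replace` pattern and adds a 0700 state directory, 0600 files, an HMAC-SHA256 tag over a canonical JSON encoding, and verification on load, so a locally edited file is rejected instead of feeding the next reconciliation. The class and function names, the envelope layout and the key value are constructed for illustration; the key must live outside the state directory (a secret store or a protected environment variable), since an attacker who can write the state file could otherwise read the key and re-sign it.

```python
"""Tamper-evident, permission-restricted state file (example code for this review, not
the library's own). Keeps the quoted json.dump + os.replace pattern and adds an HMAC tag,
restrictive permissions and verification on load."""
import hashlib
import hmac
import json
import os
import tempfile

# Constructed key for this example only. In production load it from a secret store or a
# protected environment variable, never from a file inside the state directory it protects.
EXAMPLE_KEY = b"example-only-hmac-key-replace-me"


class StateTamperedError(Exception):
    """Raised when the state file's HMAC does not match its contents."""


def _canonical(state) -> bytes:
    # Deterministic encoding so the tag does not depend on json.dump's formatting.
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


class SignedStateStore:
    def __init__(self, state_dir: str, key: bytes, state_file: str = "positions.json"):
        os.makedirs(state_dir, mode=0o700, exist_ok=True)
        os.chmod(state_dir, 0o700)  # makedirs() mode is masked by umask; enforce it
        self.state_file = os.path.join(state_dir, state_file)
        self._key = key

    def _tag(self, state) -> str:
        return hmac.new(self._key, _canonical(state), hashlib.sha256).hexdigest()

    def save(self, state: dict) -> None:
        envelope = {"state": state, "hmac": self._tag(state)}
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.state_file), prefix=".positions-")
        try:
            with os.fdopen(fd, "w") as f:
                json.dump(envelope, f, indent=2)
                f.flush()
                os.fsync(f.fileno())
            os.chmod(tmp, 0o600)
            os.replace(tmp, self.state_file)  # atomic swap, as in the library
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise

    def load(self) -> dict:
        if not os.path.exists(self.state_file):
            return {}
        with open(self.state_file) as f:
            envelope = json.load(f)
        expected = self._tag(envelope.get("state"))
        if not hmac.compare_digest(expected, str(envelope.get("hmac", ""))):
            raise StateTamperedError(f"{self.state_file}: HMAC mismatch, refusing to load")
        return envelope["state"]


def demo() -> dict:
    """Round-trip a state file, then tamper with it the way someone with local write access
    might: drop position B so a later reconcile would treat B as an orphan to close."""
    original = {"positions": {"A": {"account": "paper-01", "qty": 10},
                              "B": {"account": "paper-01", "qty": -5}}}
    with tempfile.TemporaryDirectory() as base:
        store = SignedStateStore(os.path.join(base, "state"), EXAMPLE_KEY)
        store.save(original)
        reloaded = store.load()
        file_mode = os.stat(store.state_file).st_mode & 0o777
        dir_mode = os.stat(os.path.dirname(store.state_file)).st_mode & 0o777
        with open(store.state_file) as f:
            envelope = json.load(f)
        del envelope["state"]["positions"]["B"]  # the tampering
        with open(store.state_file, "w") as f:
            json.dump(envelope, f)
        try:
            store.load()
            tamper_detected = False
        except StateTamperedError:
            tamper_detected = True
    return {"roundtrip_ok": reloaded == original, "file_mode": file_mode,
            "dir_mode": dir_mode, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The tag detects modification but not deletion, so the tracker should fail closed (refuse to reconcile) when the file is missing or rejected, and the backups the recommendation mentions remain necessary for recovery.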