v0.1.0

Portfolio Manager

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

Review before installing because the skill needs sensitive Alpaca brokerage credentials and account data, and its setup guidance is not clearly limited to read-only or paper-trading access.

Guidance: Install only if you are comfortable giving the skill access to Alpaca brokerage data. Prefer paper-trading or read-only API keys, avoid full-permission live credentials, verify the Alpaca MCP server and any Python packages are from trusted sources, and keep generated portfolio reports out of shared or version-controlled folders.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
references/alpaca-mcp-setup.md
The Alpaca MCP server may be available through Claude's MCP marketplace or as a standalone package ... pip install alpaca-trade-api

The documentation points users to external MCP/server and SDK installation paths without a pinned package version or specific trusted source in the provided artifacts.

User impact: Installing the wrong or untrusted MCP server/SDK could put brokerage credentials at risk.
Recommendation: Install Alpaca-related tooling only from official, verified sources, pin package versions where possible, and review the MCP server before granting it API keys.

Unexpected Code Execution
Severity: Low; Confidence: High; Status: Note
README.md
python3 portfolio-manager/scripts/test_alpaca_connection.py

The skill includes a user-directed local Python test command for checking the Alpaca connection; it is documented as a manual setup step, not hidden automatic execution.

User impact: Running the helper script will execute local code that likely interacts with Alpaca credentials for connection testing.
Recommendation: Review the script before running it and execute it only in an environment where you are comfortable exposing your Alpaca API configuration.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
references/alpaca-mcp-setup.md
export ALPACA_SECRET_KEY="your_secret_key" ... export ALPACA_PAPER=false ... Regenerate API keys with full permissions

The setup supports live Alpaca credentials and even recommends full-permission keys in troubleshooting, while the stated portfolio-analysis workflow only needs read/account data.

User impact: A live or full-permission brokerage API key could expose real financial account authority beyond simple analysis if used with an MCP server or tools that can trade or change account state.
Recommendation: Use paper trading or read-only Alpaca keys if available, avoid full-permission live keys for analysis, and make the credential requirements explicit in the skill metadata before installation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Use Alpaca MCP Server tools to gather current portfolio information ... Use WebSearch or available market data APIs to fetch

The skill routes brokerage-derived data through an MCP integration and may use external search or market-data providers to enrich position analysis.

User impact: Your holdings, ticker list, or account-derived context may be processed by external tools or providers as part of the analysis.
Recommendation: Confirm the Alpaca MCP server is trusted, avoid sending quantities or account identifiers to general web search when ticker-only lookup is sufficient, and review provider privacy expectations.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
README.md
All positions with quantities, values, P/L ... Report Location: `portfolio_analysis_YYYY-MM-DD.md` in repository root

The generated report can persist detailed financial holdings and performance data in a local repository path.

User impact: A saved report may expose sensitive portfolio information if the repository is synced, shared, backed up, or committed to version control.
Recommendation: Save reports only in private locations, add generated portfolio reports to `.gitignore` when working in a repository, and redact account-specific details before sharing.