IBKR Investing with Permission Gate

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: ibkr-investing
Version: 0.1.1

The ibkr-investing skill bundle is a well-structured tool for managing Interactive Brokers accounts with a strong emphasis on safety and human-in-the-loop control. It implements a robust two-step trade confirmation gate (propose → YES → execute) using cryptographically secure tokens stored in restricted files (0600 permissions) to prevent unauthorized execution. The bundle includes comprehensive guardrails for trade size, daily limits, and symbol allow-lists (scripts/_guardrails.py), along with detailed audit logging (scripts/_audit.py) and account snapshotting. No evidence of data exfiltration, malicious execution, or prompt injection was found; the instructions in SKILL.md explicitly reinforce security protocols and refuse trade execution without user confirmation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user confirms a live proposal, the skill can place real stock or ETF orders in the user's IBKR account.

Why it was flagged

The execute script can submit orders through an authenticated IBKR Gateway. This is the stated purpose and is gated by proposal/token checks, but it is financially high-impact in live mode.

Skill content

ib = connect(readonly=False) ... trade = ib.placeOrder(contract, order)

Recommendation

Test in paper mode first, keep small per-trade and daily caps, use an allowed-symbol list, and only reply YES to proposals you have reviewed.

What this means

Anyone or anything that can access the configured Gateway with the right API permissions may be able to interact with the broker account.

Why it was flagged

The setup uses IBKR account credentials in the Gateway container and enables non-read-only API access. This is expected for trade placement, but it grants the local Gateway broker-account authority.

Skill content

TWS_USERID=your_ibkr_username
TWS_PASSWORD=your_ibkr_password
READ_ONLY_API=no                  # MUST be 'no' for trade placement

Recommendation

Protect the Gateway .env file, use paper mode until tested, keep 2FA enabled, restrict local access to the Gateway port, and lower live-trading caps.

What this means

Installing or running unverified external setup code could affect the local machine outside this skill.

Why it was flagged

The documented one-time setup pulls and runs external Docker/GitHub components. These steps are user-directed and purpose-aligned, but they are third-party supply-chain inputs.

Skill content

curl -fsSL https://get.docker.com | sh
...
git clone https://github.com/gnzsnz/ib-gateway-docker.git

Recommendation

Review the Docker installer and ib-gateway-docker project, pin versions where possible, and install dependencies in a virtual environment.

What this means

Local files may reveal account balances, positions, trading history, or pending proposal details to anyone with access to the user's account files.

Why it was flagged

The skill stores financial account snapshots, pending proposal state, and audit logs locally. This persistence is disclosed and useful for the skill, but the data is sensitive.

Skill content

ibkr_snapshot.py writes ~/.aeon/ibkr/snapshots/<UTC-date>.json with NAV, cash, positions ... ~/.aeon/ibkr/pending/<id>.json ... audit.jsonl

Recommendation

Keep ~/.aeon/ibkr and ~/.aeon/.env private, use restrictive file permissions, and avoid sharing snapshots or audit logs unless intentionally needed.