ClawHub

Questrade

v1.0.0

Execute and monitor stock trades for openclaw.ai workflows using Questrade's browser platform with Yahoo Finance cross-checks. Use when Codex is asked to pre...

0· 492·0 current·0 all-time
by@witty-quotes25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Questrade checklist + Yahoo cross-checks) aligns with the included artifacts: two scripts (market_snapshot.py, build_trade_checklist.py), playbook and policy docs. There are no unrelated requirements (no cloud credentials, no extra binaries). No evidence the skill attempts to call Questrade APIs or otherwise require broker credentials.
Instruction Scope
SKILL.md instructs the agent to run local scripts and follow the browser playbook; scripts read an optional local Questrade CSV and call Yahoo Finance endpoints for quotes. This is within the expected scope, but note the scripts perform outbound HTTP requests to query Yahoo and read/write local files specified by the user (out path, CSV input).
Install Mechanism
No install spec; this is instruction-only with bundled scripts. Nothing is downloaded or executed from remote arbitrary URLs. Risk from installation is minimal.
Credentials
The skill declares no required environment variables, secrets, or config paths. The only way sensitive data enters outputs is via explicit user flags (e.g., --include-sensitive and --local-sensitive-storage-confirm), which the docs and code gate. This matches the stated privacy-first design.
Persistence & Privilege
Skill is not force-included (always: false) and uses normal model-invocation settings. It does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed by default on the platform but the skill's own guardrails emphasize manual broker submission only.
Assessment
This skill appears coherent and low-risk for its stated purpose, but take these precautions before installing or running it: 1) Inspect the bundled scripts yourself (they are included) and confirm no modifications; 2) Run in paper/test mode first and verify outputs with non-sensitive sample data; 3) Be aware market_snapshot.py makes outbound requests to Yahoo Finance — if you need an air-gapped run, avoid network access; 4) Never paste broker credentials, MFA codes, or session cookies into chat or script arguments; the tool will include raw account IDs only if you explicitly pass the sensitive flags; 5) Prefer running the scripts locally (not in an unknown remote runtime) and keep final submission manual in the Questrade Web UI as the playbook requires; 6) Consider the publisher/trust: source/homepage is unknown, so if you plan persistent use, prefer a vetted upstream or maintain a local audited copy.

Like a lobster shell, security has layers — review code before you run it.

latestvk9780nzj4x1mxw40be5ds021p181ewp1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments