Is brendanwood/portfolio-trader safe?
https://github.com/openclaw/skills/tree/main/skills/brendanwood/portfolio-trader
This is a legitimate portfolio trading skill that integrates with the SnapTrade API for brokerage account management. The skill handles sensitive financial data and can place trades, but the code appears well-structured and follows good security practices. No malicious behavior detected during installation or code review.
Category Scores
Findings (4)
INFO Handles Sensitive Trading Credentials -15 ▶
The skill requires and stores SnapTrade API credentials (client_id, consumer_key, user_secret) in a local config file. This is necessary for the skill's trading functionality but represents sensitive data handling.
LOW External URL Reference -5 ▶
The skill references an external URL (https://snaptrade.com) for account creation, which is legitimate but represents an external dependency.
INFO Python Trading Scripts -10 ▶
The skill contains multiple Python scripts for trading operations. Code review shows legitimate SnapTrade API integration without malicious behavior.
INFO Financial Trading Capabilities -15 ▶
This skill can place real stock trades and access financial account data, which carries inherent financial risk if misconfigured or misused.