Is brendanwood/portfolio-trader safe?

https://github.com/openclaw/skills/tree/main/skills/brendanwood/portfolio-trader

Overall score: 92 · SAFE

This is a legitimate portfolio trading skill that integrates with the SnapTrade API for brokerage account management. The skill handles sensitive financial data and can place trades, but the code appears well-structured and follows good security practices. No malicious behavior was detected during installation or code review.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

INFO Handles Sensitive Trading Credentials -15

The skill requires and stores SnapTrade API credentials (client_id, consumer_key, user_secret) in a local config file. This is necessary for the skill's trading functionality but represents sensitive data handling.

LOW External URL Reference -5

The skill references an external URL (https://snaptrade.com) for account creation, which is legitimate but represents an external dependency.

INFO Python Trading Scripts -10

The skill contains multiple Python scripts for trading operations. Code review shows legitimate SnapTrade API integration without malicious behavior.

INFO Financial Trading Capabilities -15

This skill can place real stock trades and access financial account data, which carries inherent financial risk if misconfigured or misused.