← Back to Skills Marketplace
trading212 Skill
by
Naoufal Andichi
· GitHub ↗
· v1.0.0
741
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install trading212-v2
Description
Analyzes Trading212 portfolio, generates daily summaries with P&L and top gainers/losers, makes trade proposals based on configurable rules, and can place or...
Usage Guidance
This skill appears to do what it says: portfolio analysis, trade proposals, and order placement via Trading212. Before installing: 1) Keep TRADING212_DEMO=true (paper trading) until you have tested and reviewed behavior; only set TRADING212_DEMO=false when you intentionally want live trades. 2) Review and control the .env file in the project root — it will be loaded into the process and may contain other secrets. 3) Provide only the Trading212 API key/secret to this skill; do not reuse highly privileged credentials. 4) Inspect the config/ files (rules.yaml, watchlist.yaml, allocation.yaml) to understand automated proposal rules. 5) Install Python dependencies from a trusted environment (pip install -r requirements.txt) and review the code if you plan to grant the skill the ability to place live orders or permit autonomous agent invocation.
Capability Analysis
Type: OpenClaw Skill
Name: trading212-v2
Version: 1.0.0
The skill is classified as suspicious due to vulnerabilities related to arbitrary file path manipulation via environment variables. Specifically, `scripts/proposal_rules.py` and `scripts/snapshot.py` allow overriding the default configuration and snapshot directories using `TRADING212_RULES_PATH` and `TRADING212_SNAPSHOT_DIR` environment variables, respectively. An attacker capable of controlling these environment variables could potentially inject malicious rules or exfiltrate/overwrite data by directing the skill to arbitrary file paths. While the `SKILL.md` contains strong safety instructions for the AI agent, particularly regarding trade execution and the demo/live environment, these file path vulnerabilities present a risk of unintended behavior if exploited.
Capability Assessment
Purpose & Capability
Name/description match code and required items. The skill requires Trading212 API key/secret and Python, implements portfolio summary, proposal generation, and order placement via the Trading212 REST API (demo/live endpoints). Required env vars and declared binaries are proportionate to the stated functionality.
Instruction Scope
SKILL.md and scripts instruct running pip install -r requirements.txt and running the provided Python scripts. The skill loads a .env file (if present) before initializing, reads config/*.yaml files, and writes snapshots to a snapshots/ directory. SKILL.md emphasises explicit user confirmation before executing trades, but the code provides an execute_trade mode that will place orders when invoked with parameters — therefore the agent or user must follow the confirmation guidance to avoid unintended live orders.
Install Mechanism
No install spec provided; the skill includes a requirements.txt (requests, python-dotenv, pyyaml) and asks the user to run pip install -r requirements.txt. These are common packages from PyPI; there are no downloads from untrusted URLs or archive extraction steps in the bundle.
Credentials
Only mandated secrets are TRADING212_API_KEY and TRADING212_API_SECRET (primary credential declared). Optional env vars (TRADING212_DEMO, TRADING212_SNAPSHOT_DIR, TRADING212_RULES_PATH) are reasonable. One caveat: the code automatically loads a .env file (if present) into the process environment (via python-dotenv). If a project .env contains unrelated secrets, those values will be accessible to the running code; while the code does not appear to read or transmit unrelated secrets, loading .env increases the surface area and should be considered before installation.
Persistence & Privilege
The skill writes daily snapshot JSON files to a snapshots/ directory (created if missing) and uses in-memory caching. It does not request always:true and does not modify other skills. Because it can place live orders when TRADING212_DEMO=false, granting it API credentials plus allowing autonomous invocation increases risk — the SKILL.md warns to require explicit confirmation and to keep demo=true by default.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trading212-v2 - After installation, invoke the skill by name or use
/trading212-v2 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Trading212 skill.
- Analyze Trading212 portfolios and generate daily summaries with P&L plus top gainers/losers.
- Provide trade proposals based on configurable rule sets.
- Support order execution with strict user confirmation and demo/real mode safeguards.
- Offer dividend overviews, order history, watchlist price alerts, and portfolio allocation analysis with rebalancing proposals.
- All features return structured JSON designed for clear, human-readable summaries.
Metadata
Frequently Asked Questions
What is trading212 Skill?
Analyzes Trading212 portfolio, generates daily summaries with P&L and top gainers/losers, makes trade proposals based on configurable rules, and can place or... It is an AI Agent Skill for Claude Code / OpenClaw, with 741 downloads so far.
How do I install trading212 Skill?
Run "/install trading212-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is trading212 Skill free?
Yes, trading212 Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does trading212 Skill support?
trading212 Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created trading212 Skill?
It is built and maintained by Naoufal Andichi (@nandichi); the current version is v1.0.0.
More Skills