功能描述

Mirror congressional stock trades with automated broker execution and risk management

使用说明 (SKILL.md)

ClawBack

Name: Etrade Pelosi Bot
Author: mainfraame

Mirror congressional stock trades with automated broker execution

ClawBack tracks stock trades disclosed by members of Congress (House and Senate) and executes scaled positions in your brokerage account. Built on the premise that congressional leaders consistently outperform the market due to informational advantages.

Features

Real-time disclosure tracking from official House Clerk and Senate eFD sources
Automated trade execution via broker API (E*TRADE adapter included)
Smart position sizing - scales trades to your account size
Trailing stop-losses - lock in profits, limit losses
Risk management - drawdown limits, consecutive loss protection
Telegram notifications - get alerts for new trades and stop-losses
Backtesting engine - test strategies on historical data

Performance (Backtest Results)

Strategy	Win Rate	Return	Sharpe
3-day delay, 30-day hold	42.9%	+6.2%	0.39
9-day delay, 90-day hold	57.1%	+4.7%	0.22

Congressional leaders have outperformed the S&P 500 by 47% annually according to NBER research.

Quick Start

# Clone and setup
git clone https://github.com/openclaw/clawback
cd clawback
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt

# Configure secrets
python3 src/config_loader.py setup

# Authenticate with broker
python3 src/main.py interactive
# Select option 1 to authenticate

# Set up automation
./scripts/setup_cron.sh

Configuration

ClawBack reads secrets from environment variables or config/secrets.json:

{
  "BROKER_API_KEY": "your-broker-api-key",
  "BROKER_API_SECRET": "your-broker-api-secret",
  "BROKER_ACCOUNT_ID": "your-account-id",
  "TELEGRAM_BOT_TOKEN": "optional-for-notifications",
  "TELEGRAM_CHAT_ID": "optional-for-notifications"
}

Supported Brokers

ClawBack uses an adapter pattern for broker integration. Each broker implements a common interface defined in broker_adapter.py.

Broker	Adapter	Status
E*TRADE	`etrade_adapter.py`	Supported
Schwab	`schwab_adapter.py`	Planned
Fidelity	`fidelity_adapter.py`	Planned

To specify which broker to use, set broker.adapter in your config:

{
  "broker": {
    "adapter": "etrade",
    "credentials": {
      "apiKey": "${BROKER_API_KEY}",
      "apiSecret": "${BROKER_API_SECRET}"
    }
  }
}

Data Sources

All data is scraped directly from official government sources:

Source	Data	Method
House Clerk	House PTR filings	PDF parsing
Senate eFD	Senate PTR filings	Selenium scraping

No third-party APIs required for congressional data.

Strategy Settings

Edit config/config.json to customize:

{
  "strategy": {
    "entryDelayDays": 3,
    "holdingPeriodDays": 30,
    "purchasesOnly": true,
    "minimumTradeSize": 50000
  },
  "riskManagement": {
    "positionStopLoss": 0.08,
    "trailingStopActivation": 0.10,
    "trailingStopPercent": 0.05,
    "maxDrawdown": 0.15
  }
}

Commands

# Interactive mode
python3 src/main.py interactive

# Single check cycle
python3 src/main.py run

# Scheduled trading
python3 src/main.py schedule 24

# Run backtest
python3 src/backtester.py

Cron Automation

# Install cron jobs
./scripts/setup_cron.sh

# Manual runs
./scripts/run_bot.sh check    # Check for new trades
./scripts/run_bot.sh monitor  # Check stop-losses
./scripts/run_bot.sh full     # Both

Architecture

clawback/
├── src/
│   ├── main.py              # Main entry point
│   ├── congress_tracker.py  # Congressional data collection
│   ├── trade_engine.py      # Trade execution & risk management
│   ├── broker_adapter.py    # Abstract broker interface
│   ├── etrade_adapter.py    # E*TRADE broker implementation
│   ├── database.py          # SQLite state management
│   └── config_loader.py     # Configuration handling
├── config/
│   ├── config.json          # Main configuration
│   └── secrets.json         # API keys (git-ignored)
├── scripts/
│   ├── run_bot.sh           # Cron runner
│   └── setup_cron.sh        # Cron installer
└── data/
    └── trading.db           # SQLite database

Risk Disclaimer

This software is for educational purposes only. Trading stocks involves substantial risk of loss. Past performance of congressional trades does not guarantee future results. The authors are not financial advisors. Use at your own risk.

License

MIT License - See LICENSE file

Built with ClawBack for the OpenClaw community

安全使用建议

What to consider before installing or running this skill: - Registry vs SKILL.md mismatch: The registry says no required credentials, but SKILL.md and config files require BROKER_API_KEY, BROKER_API_SECRET and BROKER_ACCOUNT_ID (and optionally TELEGRAM tokens). Treat that as a red flag — confirm exactly what secrets the package will ask for before proceeding. - Do not run with real brokerage credentials until you audit the code. The bot will store access tokens and may place real orders. Test only in a broker sandbox or with throwaway credentials and tiny position sizes. - Review setup scripts and cron installer before executing. The bundle includes scripts that will install packages, write config files, and add cron jobs and background processes. If you run them, they will create persistent automation that can trade autonomously. - Check for hardcoded/example keys. Quick start docs include example API keys/secrets — verify they are fake. Never paste keys from docs into production config without verifying their origin. - Inspect where tokens and config are written. The code stores unencrypted tokens in files like .access_tokens.json and config/config.json. Consider using a secrets manager or protecting those files and limiting filesystem access. - Review network endpoints in code. The package uses E*TRADE sandbox/production endpoints and api.telegram.org for notifications — verify these are the only external endpoints, and that there are no hidden exfiltration URLs in the omitted files. - If you allow automation: enable dry-run/sandbox mode first, limit trade sizes, and retain an easy manual kill-switch (cron removal, pkill, or stop script). Monitor logs closely. If you want, I can: - list the files that write tokens/credentials (paths and filenames) so you can inspect them, or - scan the omitted source files for network calls, hardcoded domains, or suspicious code patterns and report findings (this improves confidence).

功能分析

Type: OpenClaw Skill Name: etrade-pelosi-bot Version: 1.0.0 The skill bundle implements an automated trading bot that mirrors congressional stock trades, which involves inherently high-risk capabilities. It sets up persistent execution via cron jobs and optionally systemd services (`scripts/setup_cron.sh`, `src/congress_data/setup_cron.py`, `final_setup.sh`, `setup_integration.sh`), handles sensitive broker API credentials and Telegram tokens (`src/config_loader.py`, `auth_step1.py`, `auth_step2.py`), and performs automated financial transactions via the E*TRADE API (`src/etrade_adapter.py`, `src/trade_engine.py`). While these actions are explicitly stated and necessary for the bot's functionality, the extensive use of persistence mechanisms, direct financial transactions, and sensitive credential handling without clear malicious intent crosses the threshold into 'suspicious' due to the significant potential for misuse or compromise, even if currently aligned with the stated purpose. A minor flag is the presence of hardcoded sandbox API keys in `setup_integration.sh`, though these are not for a production environment.

能力评估

⚠ Purpose & Capability

The skill's declared purpose (mirror congressional trades and execute them via a broker) aligns with the code and scripts (broker adapters, trade engine, cron setup, Telegram notifier). However the registry metadata claims no required env vars/credentials while SKILL.md and multiple config files clearly expect BROKER_API_KEY, BROKER_API_SECRET and BROKER_ACCOUNT_ID (and optional TELEGRAM_*). That metadata mismatch is an incoherence an installer should notice. The bot also targets specific politicians (Pelosi, others) which is consistent with the stated purpose but may be ethically/questionably narrow — this is not a security finding per se but worth noting.

⚠ Instruction Scope

Runtime instructions and scripts ask the user/agent to create config files containing API keys or to read secrets from environment variables or config/secrets.json, to run interactive auth flows, and to run setup scripts that install packages and configure cron jobs. The code writes auth state and access tokens to local files (e.g., .auth_state.json, .access_tokens.json, config/config.json), and the setup scripts install services and schedule recurring cron jobs. These actions go beyond read-only data-fetching: they create persistent automation that can place trades and run background processes. The SKILL.md also recommends running scripts that will modify the host (cron), which increases risk if done without review.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only), but the bundle contains many executable scripts (final_setup.sh, setup_*.sh, install_deps.sh, scripts/setup_cron.sh) that perform pip installs and file writes. The package does not download code from obscure servers; it relies on pip for dependencies and bundled scripts. That is moderate risk: no remote arbitrary archive downloads were observed, but the included scripts install packages and lay down persistent cron entries and control scripts on the host.

⚠ Credentials

The credentials the project needs (broker API key/secret and account id, optional Telegram token/chat id) are appropriate for automated brokerage access. However the registry metadata lists no required env vars while SKILL.md and config files declare those secrets — an incoherence. Additionally, docs/QuickStart include what look like explicit API key/secret strings in examples; embedding credentials or sample keys in documentation is suspicious and could indicate accidental exposure or encourage insecure copying. The code writes tokens to local files (un-encrypted), which is expected for this type of tool but increases the need for careful handling of these secrets.

⚠ Persistence & Privilege

Although 'always' is false, the skill (via its scripts and SKILL.md instructions) sets up cron jobs, creates background runner scripts (nohup), and writes configuration and token files. That creates persistent automation on the host that will continue running independently of the AI agent. This is within the functional scope of an automated trading system but represents significant persistence and privilege (ability to place financial orders) and must be treated with elevated caution.

版本历史

v1.0.0

Initial release of ClawBack – Congressional trade mirroring bot - Tracks and mirrors congressional stock trades with automated real-time brokerage execution. - Integrates with E*TRADE for trade placement (adapter pattern, more brokers planned). - Smart position sizing and risk management (stop-losses, trailing stops, drawdown limits). - Sends Telegram notifications for new trades and risk events. - Includes full backtesting engine and historical strategy performance. - Easy configuration via environment variables or JSON files; cron job support for automation.

元数据

Slug etrade-pelosi-bot

版本 1.0.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 1

常见问题

Etrade Pelosi Bot 是什么？

Mirror congressional stock trades with automated broker execution and risk management. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1853 次。

如何安装 Etrade Pelosi Bot？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install etrade-pelosi-bot」即可一键安装，无需额外配置。

Etrade Pelosi Bot 是免费的吗？

是的，Etrade Pelosi Bot 完全免费（开源免费），可自由下载、安装和使用。

Etrade Pelosi Bot 支持哪些平台？

Etrade Pelosi Bot 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Etrade Pelosi Bot？

由 mainfraame（@mainfraame）开发并维护，当前版本 v1.0.0。

Etrade Pelosi Bot