← 返回 Skills 市场
trading212 Skill
作者
Naoufal Andichi
· GitHub ↗
· v1.0.0
741
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install trading212-v2
功能描述
Analyzes Trading212 portfolio, generates daily summaries with P&L and top gainers/losers, makes trade proposals based on configurable rules, and can place or...
安全使用建议
This skill appears to do what it says: portfolio analysis, trade proposals, and order placement via Trading212. Before installing: 1) Keep TRADING212_DEMO=true (paper trading) until you have tested and reviewed behavior; only set TRADING212_DEMO=false when you intentionally want live trades. 2) Review and control the .env file in the project root — it will be loaded into the process and may contain other secrets. 3) Provide only the Trading212 API key/secret to this skill; do not reuse highly privileged credentials. 4) Inspect the config/ files (rules.yaml, watchlist.yaml, allocation.yaml) to understand automated proposal rules. 5) Install Python dependencies from a trusted environment (pip install -r requirements.txt) and review the code if you plan to grant the skill the ability to place live orders or permit autonomous agent invocation.
功能分析
Type: OpenClaw Skill
Name: trading212-v2
Version: 1.0.0
The skill is classified as suspicious due to vulnerabilities related to arbitrary file path manipulation via environment variables. Specifically, `scripts/proposal_rules.py` and `scripts/snapshot.py` allow overriding the default configuration and snapshot directories using `TRADING212_RULES_PATH` and `TRADING212_SNAPSHOT_DIR` environment variables, respectively. An attacker capable of controlling these environment variables could potentially inject malicious rules or exfiltrate/overwrite data by directing the skill to arbitrary file paths. While the `SKILL.md` contains strong safety instructions for the AI agent, particularly regarding trade execution and the demo/live environment, these file path vulnerabilities present a risk of unintended behavior if exploited.
能力评估
Purpose & Capability
Name/description match code and required items. The skill requires Trading212 API key/secret and Python, implements portfolio summary, proposal generation, and order placement via the Trading212 REST API (demo/live endpoints). Required env vars and declared binaries are proportionate to the stated functionality.
Instruction Scope
SKILL.md and scripts instruct running pip install -r requirements.txt and running the provided Python scripts. The skill loads a .env file (if present) before initializing, reads config/*.yaml files, and writes snapshots to a snapshots/ directory. SKILL.md emphasises explicit user confirmation before executing trades, but the code provides an execute_trade mode that will place orders when invoked with parameters — therefore the agent or user must follow the confirmation guidance to avoid unintended live orders.
Install Mechanism
No install spec provided; the skill includes a requirements.txt (requests, python-dotenv, pyyaml) and asks the user to run pip install -r requirements.txt. These are common packages from PyPI; there are no downloads from untrusted URLs or archive extraction steps in the bundle.
Credentials
Only mandated secrets are TRADING212_API_KEY and TRADING212_API_SECRET (primary credential declared). Optional env vars (TRADING212_DEMO, TRADING212_SNAPSHOT_DIR, TRADING212_RULES_PATH) are reasonable. One caveat: the code automatically loads a .env file (if present) into the process environment (via python-dotenv). If a project .env contains unrelated secrets, those values will be accessible to the running code; while the code does not appear to read or transmit unrelated secrets, loading .env increases the surface area and should be considered before installation.
Persistence & Privilege
The skill writes daily snapshot JSON files to a snapshots/ directory (created if missing) and uses in-memory caching. It does not request always:true and does not modify other skills. Because it can place live orders when TRADING212_DEMO=false, granting it API credentials plus allowing autonomous invocation increases risk — the SKILL.md warns to require explicit confirmation and to keep demo=true by default.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trading212-v2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/trading212-v2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Trading212 skill.
- Analyze Trading212 portfolios and generate daily summaries with P&L plus top gainers/losers.
- Provide trade proposals based on configurable rule sets.
- Support order execution with strict user confirmation and demo/real mode safeguards.
- Offer dividend overviews, order history, watchlist price alerts, and portfolio allocation analysis with rebalancing proposals.
- All features return structured JSON designed for clear, human-readable summaries.
元数据
常见问题
trading212 Skill 是什么?
Analyzes Trading212 portfolio, generates daily summaries with P&L and top gainers/losers, makes trade proposals based on configurable rules, and can place or... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 741 次。
如何安装 trading212 Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trading212-v2」即可一键安装,无需额外配置。
trading212 Skill 是免费的吗?
是的,trading212 Skill 完全免费(开源免费),可自由下载、安装和使用。
trading212 Skill 支持哪些平台?
trading212 Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 trading212 Skill?
由 Naoufal Andichi(@nandichi)开发并维护,当前版本 v1.0.0。
推荐 Skills