Scan Report
5 /100
perfect-storm-options-trader
Autonomous paper trading options strategy for OpenClaw using Perfect Storm (PS+/PS-) methodology with Alpaca paper API
This is a legitimate paper trading strategy specification with no executable code, no malicious behavior, and comprehensive safety controls enforced throughout.
Safe to install
This skill is safe to use. It contains only documentation and configuration files. The actual execution depends on the OpenClaw agent runtime which enforces paper-only mode, hard risk limits, and safe API interaction.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md requires reading risk_config.yaml and AGENTS.md at startup |
| Network | READ | READ | ✓ Aligned | SKILL.md requires Alpaca paper API calls for account state, positions, and order… |
| Shell | NONE | NONE | — | No shell commands, subprocess, or bash execution described in any file |
| Environment | READ | READ | ✓ Aligned | Requires APCA_API_KEY_ID and APCA_API_SECRET_KEY env vars, checked for paper end… |
| Skill Invoke | NONE | NONE | — | No skill invocation or inter-agent communication described |
| Clipboard | NONE | NONE | — | No clipboard access mentioned |
| Browser | NONE | NONE | — | No browser automation described |
| Database | NONE | NONE | — | No database access mentioned; logs are written as structured JSON objects |
1 findings
Medium External URL 外部 URL
https://paper-api.alpaca.markets SKILL.md:73 File Tree
3 files · 34.9 KB · 1164 lines Markdown 2f · 1010L
YAML 1f · 154L
├─
AGENTS.md
Markdown
├─
risk_config_openclaw_best_practices.yaml
YAML
└─
SKILL.md
Markdown
Security Positives
✓ Paper trading only - explicitly halts on live broker detection
✓ No executable code - only specification documents (markdown/yaml)
✓ Comprehensive risk controls with halt conditions
✓ API keys required are for intended paper trading use only
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No external data exfiltration or C2 communication
✓ No obfuscation or base64-encoded execution
✓ No supply chain dependencies to analyze
✓ Clear documentation of all capabilities and limits
✓ Mandatory journaling of all decisions including skips