ClawHub

Finam

v1.0.4

Execute trades, manage portfolios, access real-time market data, browse and search market assets, scan volatility, and answer questions about Finam Trade API

1· 830·2 current·2 all-time
byAlexander Panov@alexander-panov
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (curl, jq, python3), required env vars (FINAM_API_KEY, FINAM_ACCOUNT_ID), included scripts, and referenced endpoints (api.finam.ru, finam.ru, FinamPy GitHub) all align with a Finam Trade API client. The provided assets and reference docs match the described functionality.
Instruction Scope
SKILL.md instructs the agent to obtain a JWT from Finam and then call Finam REST endpoints or run bundled Python scripts. The scripts only access the Finam API and local asset files; they do not read unrelated system paths or request unrelated credentials. Note: the scripts may perform many API requests (e.g., fetching /assets/all or scanning top-100 tickers) and will surface account-specific data when FINAM_API_KEY / ACCOUNT_ID are used, which is expected for this purpose.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or installed by the skill itself. The skill expects standard binaries already present (curl, jq, python3) which is proportionate to the task.
Credentials
The skill only requires FINAM_API_KEY and FINAM_ACCOUNT_ID, which are the reasonable credentials for this API. Treat FINAM_API_KEY as sensitive: it can be used to obtain short-lived JWTs and perform account operations (including trades) per the API. The helper will optionally store a JWT in FINAM_JWT_TOKEN (process environment or user-exported shell variable) for convenience.
Persistence & Privilege
always is false and the skill does not request system-wide config or other skills' credentials. The scripts set FINAM_JWT_TOKEN in the process environment (and examples show exporting it in the shell) but do not attempt to modify other skills or global agent configuration.
Assessment
This skill appears to be a legitimate Finam Trade API client. Before installing, be aware that: (1) FINAM_API_KEY is sensitive — anyone with it can obtain JWTs and interact with your trading account, so store it securely; (2) running the included scripts (especially --active false or pagination over /assets/all and the volatility scanner) can generate many API requests and may hit rate limits or trigger account activity; (3) the skill will suggest exporting a short-lived JWT (FINAM_JWT_TOKEN) to your shell for convenience — only do that in trusted shells and sessions. If you only need read-only market data, consider using an API key/account with limited privileges if Finam supports that.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ebawap0tefn55147vw7wfdd84xmvg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
Binscurl, jq, python3
EnvFINAM_API_KEY, FINAM_ACCOUNT_ID

Comments