Back to skill
Skillv1.0.0
ClawScan security
Query real-time and historical financial data across equities and crypto prices, market moves, metrics, and trends for analysis, alerts, and reporting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:30 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests, instructions, and included Python client are consistent with a market-data client that needs a single AISA_API_KEY and network access to api.aisa.one.
- Guidance
- This skill appears internally consistent: it includes a Python client and curl examples that call api.aisa.one and requires one API key (AISA_API_KEY). Before installing, verify you trust the AIsa provider and the api.aisa.one domain (billing, data retention, and privacy). Treat the AISA_API_KEY like any secret: provide a scoped/rotated key if possible, monitor API usage, and avoid reusing the same key across unrelated services. If you plan to run the included script, run it in a controlled environment (network monitoring or sandbox) until you confirm expected behavior.
Review Dimensions
- Purpose & Capability
- okThe name/description (market data: equities + crypto) matches the required items: a single AISA_API_KEY, curl and python3, and a Python client that calls https://api.aisa.one endpoints. Nothing requested appears unrelated to providing market data.
- Instruction Scope
- okSKILL.md contains concrete curl examples and CLI usage for the provided endpoints. Instructions only direct the agent to use the AISA API and do not instruct reading unrelated local files, scanning system state, or sending data to unexpected endpoints.
- Install Mechanism
- okThere is no install spec (instruction-only), and the included code is a local Python client. Nothing downloads or executes external archives during install; the code makes outbound HTTPS requests to api.aisa.one as expected.
- Credentials
- okOnly one environment variable (AISA_API_KEY) is required and is the primary credential used by the code. No other secrets or unrelated credentials are requested. The skill's use of the env var is justified by its described API usage.
- Persistence & Privilege
- okThe skill does not request always:true and will not be force-included. It does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.