Query real-time and historical financial data of equity prices, market moves, metrics, and trends for analysis, alerts, and reporting
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to be a coherent market-data API client, but users should notice that it sends an AISA API key to the provider and the registry metadata under-declares that requirement.
This appears safe to install if you trust the AIsa market-data provider and are comfortable giving the skill an AISA_API_KEY. Use a dedicated key, monitor quota or billing, and be aware that registry metadata does not fully declare the key and tool requirements even though the documentation does.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can use your AISA API key to make market-data requests, which may expose the key to that provider and may consume account quota or incur provider-side usage costs.
The client uses a provider API key from the environment and sends it as an Authorization header. This is expected for the stated AIsa market-data API purpose, but it is still credential-bearing access.
self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"Use a dedicated AISA key with the minimum necessary access, monitor usage, and avoid setting the key globally when you do not want agents to use it.
When used, the skill will send selected ticker/query parameters to the AIsa API and retrieve market-data responses.
The skill documents direct authenticated network calls to the AIsa API. These calls are purpose-aligned and user-directed examples, but they are external API operations performed by the agent.
curl "https://api.aisa.one/apis/v1/financial/prices?ticker=AAPL&interval=day..." -H "Authorization: Bearer $AISA_API_KEY"
Review the query the agent is about to run when using sensitive watchlists or large screens, and set reasonable limits on broad market scans.
The registry may not prompt you for the API key or local tools even though the skill documentation and script need them.
SKILL.md declares runtime dependencies and an API key, while the supplied registry metadata lists no required binaries, env vars, or primary credential. This is an under-declared registry contract, not evidence of hidden execution.
metadata: {"aisa":{"requires":{"bins":["curl","python3"],"env":["AISA_API_KEY"]},"primaryEnv":"AISA_API_KEY"Confirm you have python3/curl available and intentionally provide AISA_API_KEY only when you want this skill to access the AIsa service.