Financial Data
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward financial market-data skill that uses an AIsa API key to query stock and crypto data, with no artifact-backed malicious behavior found.
This skill looks safe for its stated purpose, but it depends on a third-party AIsa API key and sends your requested tickers, dates, and screening filters to that provider. Use a limited API key and avoid querying sensitive portfolio details if that disclosure is a concern.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your AIsa API key to make market-data requests under your account or quota.
The client reads an API key from the environment and sends it as a bearer token to the AIsa API. This is disclosed and purpose-aligned, but it is still delegated credential use.
self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"Use a dedicated API key with the minimum needed access and revoke or rotate it if you stop using the skill.
If you query symbols from a personal portfolio or watchlist, those market interests may be visible to the API provider.
User-selected tickers, dates, filters, and similar query parameters are sent to an external API provider. This is necessary for the service, but it means the provider can see those queries.
BASE_URL = "https://api.aisa.one/apis/v1" ... return self._request("GET", "/financial/prices", params={"ticker": ticker, "start_date": start_date, "end_date": end_date, ...})Avoid sending sensitive portfolio details unless you are comfortable with the provider receiving those query parameters.