Financial Data

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your AIsa API key to make market-data requests under your account or quota.

Why it was flagged

The client reads an API key from the environment and sends it as a bearer token to the AIsa API. This is disclosed and purpose-aligned, but it is still delegated credential use.

Skill content

self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"

Recommendation

Use a dedicated API key with the minimum needed access and revoke or rotate it if you stop using the skill.

What this means

If you query symbols from a personal portfolio or watchlist, those market interests may be visible to the API provider.

Why it was flagged

User-selected tickers, dates, filters, and similar query parameters are sent to an external API provider. This is necessary for the service, but it means the provider can see those queries.

Skill content

BASE_URL = "https://api.aisa.one/apis/v1" ... return self._request("GET", "/financial/prices", params={"ticker": ticker, "start_date": start_date, "end_date": end_date, ...})

Recommendation

Avoid sending sensitive portfolio details unless you are comfortable with the provider receiving those query parameters.