Financial Data
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: financial-data Version: 1.0.0 The OpenClaw AgentSkills skill bundle is a client for the AIsa financial data API. The `SKILL.md` and `scripts/market_client.py` clearly define its purpose: querying financial data from `https://api.aisa.one` using an `AISA_API_KEY`. All network requests are directed to this single, specified domain, and the API key is used for standard bearer token authentication. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The code uses standard Python libraries and practices, aligning with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your AIsa API key to make market-data requests under your account or quota.
The client reads an API key from the environment and sends it as a bearer token to the AIsa API. This is disclosed and purpose-aligned, but it is still delegated credential use.
self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"Use a dedicated API key with the minimum needed access and revoke or rotate it if you stop using the skill.
If you query symbols from a personal portfolio or watchlist, those market interests may be visible to the API provider.
User-selected tickers, dates, filters, and similar query parameters are sent to an external API provider. This is necessary for the service, but it means the provider can see those queries.
BASE_URL = "https://api.aisa.one/apis/v1" ... return self._request("GET", "/financial/prices", params={"ticker": ticker, "start_date": start_date, "end_date": end_date, ...})Avoid sending sensitive portfolio details unless you are comfortable with the provider receiving those query parameters.