Stock Prices
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a straightforward stock-price API reference with disclosed external calls and an optional decoder package, with no evidence of hidden credentials, persistence, or destructive actions.
This appears safe for basic stock quote lookups. Before installing the optional decoder package or relying on the data, consider whether you trust the external API provider and avoid including private portfolio details beyond the ticker symbols needed for the query.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your stock-symbol queries may be visible to the external API provider.
The skill directs the agent or user to call a third-party stock-price API. This is disclosed and purpose-aligned, but it means requested ticker symbols are sent to that provider.
curl "https://stock-prices.on99.app/quotes?symbols=NVDA"
Use it for non-sensitive market lookups, and avoid sending private portfolio context unless you are comfortable sharing it with the API provider.
Installing the optional decoder adds trust in an external npm package and its future versions.
The artifact suggests a user-directed package installation without pinning a version. This is relevant supply-chain exposure, but it is optional, disclosed, and directly tied to decoding the API response format.
Install the TOON decoder for parsing: `pnpm add @toon-format/toon`
If installing the decoder, verify the package name, consider pinning a version, and install it only in an appropriate project environment.