Stock Prices
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your stock-symbol queries may be visible to the external API provider.
The skill directs the agent or user to call a third-party stock-price API. This is disclosed and purpose-aligned, but it means requested ticker symbols are sent to that provider.
curl "https://stock-prices.on99.app/quotes?symbols=NVDA"
Use it for non-sensitive market lookups, and avoid sending private portfolio context unless you are comfortable sharing it with the API provider.
Installing the optional decoder adds trust in an external npm package and its future versions.
The artifact suggests a user-directed package installation without pinning a version. This is relevant supply-chain exposure, but it is optional, disclosed, and directly tied to decoding the API response format.
Install the TOON decoder for parsing: `pnpm add @toon-format/toon`
If installing the decoder, verify the package name, consider pinning a version, and install it only in an appropriate project environment.