MarketPulse Financial Data

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent market-data API skill; users should mainly notice that it requires an AIsa API key and sends market queries to an external provider.

This skill looks appropriate for querying market data, but install it only if you trust the AIsa/OpenClaw provider. Use a dedicated API key where possible and remember that market queries, tickers, screening filters, and portfolio-like requests will be sent to api.aisa.one.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may consume or expose usage under your AIsa API account, depending on that provider's billing and access controls.

Why it was flagged

The client reads an API key from the environment and uses it to authenticate requests to the AIsa service. This is expected for a market-data API client, but it is still credentialed account access.

Skill content

self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"

Recommendation

Use a dedicated, least-privileged AIsa API key if available, avoid sharing the key in prompts or logs, and monitor provider usage.

What this means

Ticker symbols, filters, and requested market-research topics may be visible to the AIsa API provider.

Why it was flagged

The skill documents direct curl calls to an external API using the user's API key. The calls are scoped to the advertised financial-data purpose, but users should be aware that queries are sent to an external service.

Skill content

curl "https://api.aisa.one/apis/v1/financial/prices?ticker=AAPL..." \
  -H "Authorization: Bearer $AISA_API_KEY"

Recommendation

Only submit market queries you are comfortable sending to the provider, especially if your portfolio or research interests are sensitive.

What this means

You have less information for independently verifying who maintains the skill and whether the included client matches the advertised service.

Why it was flagged

The artifact metadata does not identify a source repository or package provenance. This is not evidence of malicious behavior, but it reduces provenance clarity for a credential-using integration.

Skill content

Source: unknown

Recommendation

Confirm that the skill and api.aisa.one are the intended provider before adding an API key.