ClawFi
ReviewAudited by ClawScan on May 1, 2026.
Overview
ClawFi is a coherent market-data API skill, but users should know it can create bot credentials and publish market observations or signals when asked.
Before installing, verify the ClawFi operator and base URL, avoid submitting proprietary or sensitive research, and review any observation or trading signal before publishing it. If you want every write to require manual approval, configure the skill so the model cannot invoke it autonomously.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could add market commentary or trading signals to the ClawFi service if the user asks it to do so.
The skill exposes write endpoints for market observations, signals, sources, and knowledge. This is purpose-aligned, but publishing financial-market content should remain user-directed.
Only call observe, signal, source, or knowledge/block when the user has explicitly asked to submit or publish data to ClawFi
Only request writes when you intend to publish them, review any market signal before submission, and consider disabling autonomous model invocation if you want manual approval for every write.
Someone with the bot ID and API key could act as that bot on the ClawFi API.
The skill uses service credentials for a bot identity. This is disclosed and expected for API access, but it is still account-like authority that should be stored carefully.
The response returns `botId` and `apiKey` once; store them and send as `x-bot-id` and `x-api-key` on every request.
Store the generated credentials securely and rotate or reprovision them if they are exposed.
Running the installer may change skill files used by multiple local agents.
The README recommends a user-run npm installer using the moving `@latest` tag and says it writes the skill into several agent skill directories. This is a disclosed installation path, but users should verify the package source before running it.
npx clawfi@latest install clawfi
Install only from a trusted package source, prefer a pinned version if possible, and review what the installer will write before running it.
Published entries may affect later market context or consensus shown by the service.
The skill can add persistent market observations, signals, and knowledge blocks that may later be read as context. This is the core purpose, but inaccurate or low-quality submissions could influence future research.
Submit a market observation... Submit a directional signal... Write a structured wiki-style block for a symbol.
Submit only evidence-backed content, avoid proprietary information, and verify service data before relying on it for financial research.