ClawHub

AIGroup Finnhub MCP

v0.1.1

Use Finnhub-backed market intelligence through the `aigroup-finnhub-mcp` server for stock, crypto, forex, calendar, news, sentiment, filing, ownership, analy...

0· 111·0 current·0 all-time
byjackdark@jackdark425
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md and references: the skill's job is to route ticker/market queries to an MCP server exposing Finnhub-backed capabilities. It does not request unrelated credentials or binaries. The only external dependency is the named MCP server (aigroup-finnhub-mcp), which is coherent for this purpose.
Instruction Scope
SKILL.md only instructs the agent how to route queries to specific Finnhub capability groups, how to choose date ranges, and how to summarize signal quality. It does not ask the agent to read arbitrary host files, environment variables, or post data to third-party endpoints outside the MCP server.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The references mention a local launch pattern ('npx aigroup-finnhub-mcp'), but the skill itself does not include an installer or fetch behavior; if a user decides to run 'npx' to launch the MCP locally, that would pull code from npm and should be validated separately.
Credentials
The skill requests no environment variables or credentials. This is reasonable because it delegates Finnhub access to an external MCP server; however, it means the MCP server must hold any Finnhub API keys. Users should confirm where those credentials reside and who controls that server.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. agents/openai.yaml allows implicit invocation (normal for skills) but does not modify other skills or system settings.
Assessment
This skill is a router/manual for a separate MCP service and appears coherent. Before installing or invoking it: (1) confirm you trust the 'aigroup-finnhub-mcp' server and review its repository (the homepage link) to see where Finnhub API keys are stored; (2) avoid running 'npx aigroup-finnhub-mcp' from an untrusted environment without inspecting the package source first (npx will fetch code from npm); (3) if you require isolation, run the MCP in a sandbox or on infrastructure you control; (4) if you want the agent to never call this skill autonomously, restrict implicit invocation in agent policy. If you need further verification, provide the MCP server code or the npm package contents for review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2426ste459r93cdmcf050x83fdne

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments