KlickAnalytics CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent, documentation-only guide for a financial analytics CLI, with expected notes around installing an external package, using an API key, and sending AI-chat queries to the provider.
This appears safe to use as a documentation-only skill if you trust KlickAnalytics and its CLI package. Before installing, verify the package source, protect your API key, and avoid sending confidential information through the AI-chat command.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives local code from the package ecosystem the ability to run on the user’s machine.
The skill asks the user to install an external Python package, and the example does not pin a version. This is purpose-aligned for a CLI guide, but users should verify the package source before installing.
pip install klickanalytics-cli
Install only from the official package source, consider pinning a known version, and review the package details before use.
Anyone or any process with access to this environment variable could use the user’s KlickAnalytics API quota or account access associated with the key.
The skill requires a service API key to use the KlickAnalytics CLI. This credential use is expected for the stated analytics service and no artifact shows unrelated credential handling.
Required env vars: KLICKANALYTICS_CLI_API_KEY ... Primary credential: KLICKANALYTICS_CLI_API_KEY
Use a dedicated API key, avoid sharing it in prompts or logs, and rotate it if it may have been exposed.
If users include private portfolio details, confidential research, or other sensitive information in AI-chat queries, that content may leave their local environment.
The CLI includes an AI-chat command that accepts natural-language queries and is designed for agent workflows. This is central to the product, but query content may be sent to the provider.
ka ai-chat -q "What is the technical outlook for MSFT right now?" ... Output: Structured analyst-style JSON response, pipeable into agent workflows
Do not place secrets, credentials, or confidential financial information in AI-chat prompts unless the provider’s privacy terms and data handling are acceptable.