Finnhub Pro
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Finnhub financial-data CLI, but it requires a Finnhub API key and a manually installed Python package, so users should protect the key and verify the dependency.
Before installing, verify the `finnhub-python` package source, use a secure `FINNHUB_API_KEY`, and remember that your stock queries go to Finnhub and count against your API quota. The provided artifacts do not show hidden destructive behavior or unrelated data access.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests made by the CLI use the user's Finnhub API key and may count against that account's quota.
The skill relies on a user-provided Finnhub API key, which is expected for Finnhub API access, but users should notice that their API account and rate limits are involved.
设置环境变量:`export FINNHUB_API_KEY="your-key-here"` ... 或写入 `~/.openclaw/.env` ... 必须通过环境变量 `FINNHUB_API_KEY` 传入
Use a dedicated Finnhub key if possible, keep it out of shared logs and repositories, and store it only in a protected environment variable or local config file.
The installed package becomes part of the local execution path for the CLI.
The skill asks users to install an external PyPI dependency without a pinned version; this is central to the skill's purpose but still creates normal package-provenance risk.
pip install finnhub-python
Install `finnhub-python` from the official package source, consider using a virtual environment, and pin a known-good version if reproducibility matters.
Finnhub can see the symbols, searches, and date ranges requested through the CLI.
The script sends user-selected symbols and other query parameters to Finnhub through its API client; this is disclosed and purpose-aligned.
client = finnhub.Client(api_key=API_KEY) ... q = client.quote(symbol.upper())
Avoid querying symbols or search terms you would not want sent to Finnhub, and review Finnhub's privacy and API terms if that matters for your use.