Access Finnhub API for real-time stock quotes, company news, market data, financial statements, and trading signals
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: finnhub Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Finnhub is classified as benign. All files, including `_meta.json` and `SKILL.md`, are consistent with the stated purpose of integrating with the Finnhub API. The `SKILL.md` provides legitimate `curl` examples for interacting with `https://finnhub.io/api/v1` endpoints, using the `FINNHUB_API_KEY` as intended. There is no evidence of prompt injection attempting to subvert the agent's behavior, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The instructions are clear and directly related to accessing stock market data via the Finnhub API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make Finnhub requests using your API key, which can reveal requested symbols/searches to Finnhub and may consume rate limits or paid-plan quota.
The skill needs a Finnhub credential and includes it in Finnhub API calls. This is purpose-aligned, but it gives the agent the ability to use that API key's quota and account entitlements.
requires: { "env": ["FINNHUB_API_KEY"] } ... All requests require `?token=${FINNHUB_API_KEY}` parameter.Use a Finnhub key with appropriate limits, monitor usage, and avoid sharing full request URLs or logs that contain the token.