Alpha Vantage CLI
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your Alpha Vantage account quota, and the API key could be exposed if handled carelessly outside the skill.
The client requires an Alpha Vantage API key and can accept it from an environment variable or command-line option; this is expected for the service but is still credential handling.
self.api_key = api_key or os.getenv("ALPHAVANTAGE_API_KEY") ... parser.add_argument("--apikey", help="API key (default: ALPHAVANTAGE_API_KEY)")Use a dedicated and rotatable Alpha Vantage key, prefer an environment variable or secret manager over command-line entry, and avoid pasting keys into prompts or logs.
Invocations may make network requests and consume API quota, but the artifacts do not show unrelated tool use or hidden destinations.
The wrapper lets callers choose Alpha Vantage functions and parameters and sends them to the external API; this is the stated purpose and is bounded to the documented provider URL.
query_params = {"function": function, "apikey": self.api_key, **params}; url = f"{BASE_URL}?{urllib.parse.urlencode(query_params)}"Confirm requested symbols and functions before use, and keep retry counts and batch size aligned with your Alpha Vantage plan limits.