IEX Cloud CLI
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward IEX Cloud market-data helper that uses an IEX API token and a bounded CLI to make REST calls.
This skill looks safe for its stated purpose. Before installing, confirm you trust the included helper script, store the IEX token through OpenClaw secrets or an environment variable, avoid command-line token exposure, and review any raw API calls the agent proposes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used, the skill can make IEX Cloud requests with your token and may consume API quota or access data allowed by that token.
The helper uses an IEX Cloud API token. This is expected for the stated integration, but it gives the agent/API calls access to the user's IEX account quota and entitlements.
--token TOKEN API token (default: IEX_TOKEN or IEX_CLOUD_TOKEN)
Use a SecretRef or environment variable rather than pasting tokens into commands, prefer sandbox or least-privileged tokens where possible, and revoke the token if the skill is no longer needed.
A raw call could request any permitted IEX API path with your token, which may affect quota or retrieve data beyond the common examples.
The CLI exposes a raw API mode that can call user-supplied relative IEX API paths. The script restricts hosts to IEX domains and rejects full URLs, so this is purpose-aligned but broader than the predefined commands.
raw PATH [key=value ...]
Use the named commands when possible, and review any raw path and parameters before allowing the agent to run them.