Revelata DeepKPI Financial Analysis Agent
v1.0.0Financial and operational KPI research for US public companies using Revelata's deepKPI database. Pulls structured metrics from SEC filings (10-K, 10-Q, 8-K)...
⭐ 0· 57·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (deepKPI KPI pulls, derivations, seasonality, Excel exports) match the declared requirements: a single API key (DEEPKPI_API_KEY) and curl. No unrelated credentials, binaries, or config paths are requested. The Claude/MCP vs OpenClaw fallback is documented and explains why the API key is required in some runtimes.
Instruction Scope
All runtime instructions in the SKILL.md and subsidiary docs are narrowly focused on querying deepKPI endpoints, deriving metrics from deepKPI-sourced operands, preserving provenance URLs, and formatting/exporting results. The docs do not instruct reading unrelated system files or environment variables, nor do they direct data to unexpected external endpoints beyond the documented deepkpi-api.revelata.com base URL. The workflow is prescriptive (e.g., always list_kpis, preserve provenance, offer Excel) but stays within the stated purpose.
Install Mechanism
Instruction-only skill with no install spec and no code files; this minimizes disk-write and supply-chain risk. Required binary is only curl, which is reasonable for making REST calls. No external downloads, package installs, or extract operations are present.
Credentials
Only one required environment variable (DEEPKPI_API_KEY) is declared and used. That is proportionate and expected for a REST API integration; no unrelated secrets or elevated credentials are requested.
Persistence & Privilege
The skill is not always-included (always:false) and does not request system persistence or to modify other skills. It can be invoked autonomously by the agent (platform default), which is expected for a data-access skill; this increases blast radius only in the sense that the agent could make API calls with the provided key if permitted by policy, but that is normal and documented.
Assessment
This skill appears internally consistent and low-risk because it is instruction-only and only requires a single API key plus curl. Before enabling it, ensure the DEEPKPI_API_KEY you provide is a legitimate Revelata key with appropriate (least) privilege and monitoring enabled—API keys grant access/credits and could be used to make calls on your behalf. Confirm you trust the source (Revelata) for billing/credits and provenance URLs. Note the skill will construct .xlsx files if you accept the file offer; ensure your agent/file-handling policies allow creating and sharing such files. If you prefer tighter control, consider providing a scoped or read-only API key, setting usage limits on the Revelata account, or enabling instrumentation/audit logs so you can review API requests and credit usage. Finally, because the skill enforces strict provenance and derivation rules, expect it to always attempt Q4 imputations for flow metrics and to require deepKPI evidence for numeric figures—this is by design but may affect how the agent responds if the API key is missing or credits are low.Like a lobster shell, security has layers — review code before you run it.
latestvk971f8vfn8kvr6zrjfnc7ktb8583qny6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
Binscurl
EnvDEEPKPI_API_KEY
Primary envDEEPKPI_API_KEY