PRISM API SDK
v0.2.1Elite Agentic Finance SDK for OpenClaw, Claude & Autonomous Trading Bots. Real-time market data, canonical asset resolution, 100+ endpoints for crypto, DeFi,...
⭐ 0· 427·1 current·1 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The README/SKILL.md describe an API-backed SDK that requires an apiKey (and links to api.prismapi.ai, npm, and GitHub). Registry metadata declares no required credentials and no install spec. Asking the user/agent to 'npm install' and call PrismClient with an API key is inconsistent with the declared requirements.
Instruction Scope
SKILL.md instructs the agent/user to npm install prismapi-sdk, import PrismClient, and call many endpoints (including an MCP server git clone/build). These instructions call out network endpoints (npm registry, api.prismapi.ai, GitHub) which is expected for an SDK, but because the skill bundle contains no code, the agent will end up fetching and executing external code at runtime — something the metadata does not explicitly surface.
Install Mechanism
There is no install spec in the registry; instead SKILL.md tells users to run 'npm install prismapi-sdk' and to git clone a GitHub MCP server. Installing from npm and cloning GitHub is common, but it means arbitrary postinstall scripts or third-party package behavior could run. No direct download-from-untrusted-URL red flags in the docs, but the install is delegated to external sources and isn't pinned/verified by the skill metadata.
Credentials
The SDK clearly expects an apiKey (README shows PrismClient({ apiKey: 'your-api-key' }) and 'Get Your API Key' instructions), yet the skill metadata declares no required env vars or primary credential. This omission is disproportionate and prevents automatic handling of credentials by the platform; it also hides an important secret the SDK will need to call api.prismapi.ai.
Persistence & Privilege
always is false and the skill does not request system-wide configuration or persistent privileges. The skill does suggest cloning/running an MCP server locally, but that is user-initiated and not automatically persistent by the registry metadata.
What to consider before installing
This skill is plausible as a finance SDK, but the registry metadata and the SKILL.md are inconsistent: the docs require an API key and tell you to 'npm install' a package from npm/GitHub, yet the skill bundle declares no credentials or install steps. Before installing or running this with an agent, verify the npm package and GitHub repo yourself: inspect package contents (including postinstall scripts), confirm the publisher and commit history on GitHub, and review network endpoints the package calls. Treat the API key as a secret — create a least-privilege/test key if possible and do not paste production credentials into an unreviewed package. If you run the MCP server or npm install, do so in an isolated environment (container/sandbox) and monitor outbound network traffic. If you need to let an agent use this skill, prefer supplying credentials through platform-managed secrets rather than pasting them into prompts.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💎 Clawdis
Binsnode
latest
PRISM API SDK
The elite agentic finance toolkit. Drop-in market intelligence for AI agents, Claude Code, Cursor, or autonomous trading bots.
Quick Start
npm install prismapi-sdk
import { PrismClient } from 'prismapi-sdk';
const prism = new PrismClient({ apiKey: 'your-api-key' });
// Resolve any symbol to canonical data (sub-50ms)
const btc = await prism.resolve('BTC');
// → { canonical: 'BTC', name: 'Bitcoin', price: 71514.84, confidence: 0.97 }
// Batch resolve for trading agents
const assets = await prism.resolveBatch(['BTC', 'ETH', 'AAPL', 'SOL']);
// Get family (wrapped tokens, derivatives)
const family = await prism.getFamily('BTC');
// → [BTC, WBTC, cbBTC, tBTC, renBTC]
Key Features
| Feature | Description |
|---|---|
| Canonical Resolution | Resolve any ticker, contract, or symbol to single source of truth |
| Sub-50ms Latency | Cache-first architecture with 4-layer resolution |
| 100+ Endpoints | Crypto, DeFi, stocks, forex, macro, predictions |
| Family Grouping | BTC → WBTC, cbBTC, tBTC in one query |
| MCP-Native | Built for OpenClaw, Claude, function calling |
API Categories
- Resolution (12 endpoints) - Symbol disambiguation, batch resolve, family grouping
- Crypto (35+ endpoints) - Prices, markets, OHLCV, metadata
- TradFi (30+ endpoints) - Stocks, ETFs, forex, financials
- DEX (25+ endpoints) - Pairs, pools, trending tokens
- DeFi - Yields, protocols, TVL
- Predictions - Polymarket, Kalshi, sports odds
Security Notes
- Read-only API — fetches public market data only
- No wallet access — does not interact with wallets or private keys
- No trading — cannot execute trades
- Data only — returns JSON market data
Links
Comments
Loading comments...