Quiver Quantitative
v1.0.1
Query alternative financial data from Quiver Quantitative (Congress trading, Lobbying, Government Contracts, Insider transactions). Use this to track politician stock trades or unconventional market signals.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md, and the included Python script all focus on querying Quiver Quantitative data — behavior matches stated purpose. However the registry metadata lists no required env vars while both SKILL.md and the script require QUIVER_API_KEY, creating an inconsistency.
Instruction Scope
Runtime instructions and the script stay within the stated domain (calling Quiver endpoints via the quiverquant library and returning JSON). The SKILL.md references TOOLS.md as an alternate token source but the script only checks the QUIVER_API_KEY env var (it prints an error and exits otherwise), so instructions are slightly vague but not malicious.
Install Mechanism
There is no install spec despite the script importing the third-party package 'quiverquant'. The skill will fail unless that dependency is present in the runtime. Lack of declared dependency is an incoherence (and operational risk) — it also makes it unclear what network or package sources will be used to satisfy that import if the environment installs it at runtime.
Credentials
The script legitimately requires a QUIVER_API_KEY environment variable, which is proportionate to the purpose. However the registry metadata does not declare any required env vars or primary credential, and the SKILL.md's guidance about alternate token sources (TOOLS.md) is vague. The omission in metadata is a mismatch that could lead to surprising behavior during use.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It does not modify other skills or system config. Autonomous invocation is allowed by default (not a concern by itself).
What to consider before installing
This skill appears to be a straightforward Quiver API client, but there are a few red flags you should address before installing or running it:
- QUIVER_API_KEY is required: The code and SKILL.md require QUIVER_API_KEY, but the registry metadata does not list any required env vars. Do not supply other unrelated secrets. Provide only a Quiver API key and verify its scope.
- Missing dependency declaration: The script imports the third-party package 'quiverquant' but there is no install spec. Make sure the runtime environment already has this package installed from a trusted source (e.g., PyPI) or add an explicit install step that pins a known-good version.
- Verify origin and checksum: The skill's source/homepage is unknown. If you will run this, fetch the quiverquant package and this script from trusted sources and verify integrity (checksums / repository). Consider running first in an isolated environment.
- Network and data handling: The script will make outbound calls to Quiver's API. If you need to audit traffic, run it in a controlled environment or capture outgoing endpoints to confirm they go to Quiver's official API domains.
Given the metadata mismatches (env and dependency), treat this as suspicious rather than benign. If the owner/source can correct the metadata (declare QUIVER_API_KEY and the quiverquant dependency) and provide a trustworthy homepage/repo, the risk assessment would improve.
Like a lobster shell, security has layers — review code before you run it.
latest
Quiver Quantitative Skill
Access alternative data sets from Quiver Quantitative to track non-traditional market signals.
Prerequisites
- API Token: You need a Quiver Quantitative API token.
- Environment: Set QUIVER_API_KEY in your environment or TOOLS.md.
Usage
This skill uses a Python script to fetch data and return it as JSON.
Congress Trading
Track stock trades by US Senators and Representatives.
# Recent trades by all members
skills/quiver/scripts/query_quiver.py congress
# Specific Ticker
skills/quiver/scripts/query_quiver.py congress --ticker NVDA
# Specific Politician
skills/quiver/scripts/query_quiver.py congress --politician "Nancy Pelosi"
Corporate Lobbying
Track lobbying spend by companies.
skills/quiver/scripts/query_quiver.py lobbying AAPL
Government Contracts
Track government contracts awarded to companies.
skills/quiver/scripts/query_quiver.py contracts LMT
Insider Trading
Track corporate insider transactions.
skills/quiver/scripts/query_quiver.py insiders TSLA
Output
All commands output a JSON array of records. You can pipe this to jq to filter or format it.
# Get Pelosi's recent NVDA trades
skills/quiver/scripts/query_quiver.py congress --politician "Nancy Pelosi" | jq '.[] | select(.Ticker == "NVDA")'
