Quiver Quantitative

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill coherently queries Quiver financial data and shows no hidden or destructive behavior, but users should notice the required API key and undeclared Python dependency.

Before installing, confirm you are comfortable providing a Quiver Quantitative API key and install the quiverquant Python dependency from a trusted source. The reviewed artifacts show read-only API querying and JSON output, with no evidence of hidden persistence, destructive actions, or credential leakage.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the user's Quiver API token to authenticate requests to Quiver Quantitative.

Why it was flagged

The skill requires a provider API credential. This is expected for Quiver API access, but users should be aware because the registry metadata lists no primary credential or environment variable declaration.

Skill content

- **API Token:** You need a Quiver Quantitative API token.
- **Environment:** Set `QUIVER_API_KEY` in your environment or `TOOLS.md`.

Recommendation

Use a Quiver token intended for this purpose, avoid placing secrets where they may be broadly exposed, and remove or rotate the token if it is no longer needed.

What this means

If the dependency is missing or installed from an untrusted source, the skill may fail or run code outside the reviewed artifact set.

Why it was flagged

The script depends on an external Python package, while the provided artifacts include no install spec or pinned dependency declaration. This is consistent with the skill's purpose but leaves dependency provenance to the user.

Skill content

import quiverquant

Recommendation

Install the intended quiverquant package from a trusted package source and consider pinning the version before use.