ClawHub

Plusefin Analysis

v1.0.9

AI-ready stock analysis with financial data, options, sentiment, and structured research framework

2· 540·1 current·1 all-time
by@wanghsinche
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request a PlusE API key and the code calls https://mcp.plusefin.com/api with an Authorization: Bearer header. The single required env var (PLUSEFIN_API_KEY) is appropriate for a service-backed financial-data CLI.
Instruction Scope
SKILL.md instructs users to set PLUSEFIN_API_KEY and run python plusefin.py <command>. The included commands map directly to API endpoints implemented in plusefin.py; there are no instructions to read unrelated files, harvest local credentials, or send data to third-party endpoints outside the PlusE API. (Note: SKILL.md's advice to 'use search capabilities to gather research reports' is generic guidance and does not change the skill's own behavior.)
Install Mechanism
No install spec is provided (instruction-only skill) and the bundled code is a small Python CLI that uses the standard library urllib. Nothing is downloaded from untrusted URLs or written to non-standard locations during install.
Credentials
Only one environment variable is required (PLUSEFIN_API_KEY), declared as the primary credential. This is proportional and expected for a service-backed data-fetching tool; no other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It does not modify other skills or agent configuration and has no install-time behavior that persists beyond its own files.
Assessment
This skill appears coherent with its stated purpose, but before installing: 1) verify the upstream repository (https://github.com/plusefin/plusefin-skill) and inspect the code you will run; 2) ensure the PLUSEFIN_API_KEY you supply has minimal privileges and can be revoked/rotated; 3) run the CLI in an isolated environment if you are unsure (so network calls are sandboxed); and 4) confirm you trust requests to https://mcp.plusefin.com because all data is sent there under the provided API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ek8xemmr0ch5ertdg1ngbn82nq8m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
EnvPLUSEFIN_API_KEY
Primary envPLUSEFIN_API_KEY

Comments