Plusefin Analysis
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a straightforward financial-data CLI that uses a PlusE API key to fetch stock, options, sentiment, news, and economic data.
Before installing, confirm you are comfortable providing a PlusE API key and having the skill make read-only financial-data requests to https://mcp.plusefin.com. The artifacts do not show hidden persistence, local data collection, destructive actions, or unrelated credential use.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your PlusE API key to query the PlusE service, which may expose usage to that provider and may consume API quota depending on the provider's terms.
The code reads the documented PlusE API key from the environment and sends it as a bearer token to the PlusE API. This is purpose-aligned and not hidden, but users should understand that installing and using the skill delegates API access to this CLI.
API_KEY = os.environ.get("PLUSEFIN_API_KEY", "") ... req.add_header("Authorization", f"Bearer {API_KEY}")Use a PlusE API key with the minimum necessary scope if available, keep it private, and remove or rotate it if you stop using the skill.