Consortium AI Analysis
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to be a read-only helper for calling Consortium AI’s trading-analysis API, but users should notice that it requires an API key and the registry metadata does not fully declare that credential need.
Install only if you trust Consortium AI and are comfortable sending a dedicated TRADING_ANALYSIS_API_KEY to api.consortiumai.org. Treat the returned BUY/SELL/WAIT analysis as informational and not as an instruction for automatic trading; the provided artifacts do not show trade execution, storage, or background activity.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user must provide an API key, and that key will be sent to Consortium AI whenever the skill is used.
The skill reads a user-provided API key from the environment and transmits it to Consortium AI for authentication. This is purpose-aligned, but it is still credential handling users should understand.
const apiKey = process.env.TRADING_ANALYSIS_API_KEY; ... headers: { 'x-api-key': apiKey, 'Accept': 'application/json' }Use only a key intended for this service, keep it out of chat/logs, rotate it if exposed, and update registry metadata to declare TRADING_ANALYSIS_API_KEY as a required credential.
Users have less registry-level information for verifying who published the skill and where its source is maintained.
The registry listing provides limited provenance information. The included code is simple and there is no install-time download or dependency chain shown, so this is a notice rather than a behavioral concern.
Source: unknown Homepage: none
Verify the Consortium AI domain and publisher before providing an API key; publishers should add a homepage/source URL to improve provenance.