Is 0xjordansg-yolo/openclaw-aisa-finance-stock-equity-crypto-market-price-data-yahoo-finance-coinhacko safe?
MarketPulse is a legitimate financial data API wrapper skill that provides stock and cryptocurrency data via the AIsa API (api.aisa.one). The skill contains a clean Python client that uses only standard-library modules, with no malicious patterns, no post-install hooks, and no canary-file access. The primary risks are inherent to its nature as an API client: transmission of the user's API key to a third party, and unsanitized API response content that could theoretically carry prompt injection payloads.
Findings (6)
LOW (-10): Third-party API key transmission
The skill instructs the agent to send the user's AISA_API_KEY as a Bearer token to api.aisa.one for all financial data requests. While this is the expected behavior for an API client, it introduces a third-party trust dependency. If api.aisa.one were compromised, the API key could be captured.
LOW (-10): Executable Python script included
The skill bundles market_client.py, a 350+ line Python script that the agent is instructed to execute. While the script uses only standard library modules and contains no malicious patterns, it is executable code that the agent will run with the user's permissions.
LOW (-13): Unsanitized API responses could carry injection payloads
API responses from api.aisa.one (particularly news articles, company facts, and SEC filings) could contain crafted text that acts as prompt injection when the agent processes the JSON output. The skill does not sanitize or boundary-mark API response content.
INFO (-5): External documentation URL referenced
SKILL.md references aisa.mintlify.app for full API documentation. While not directly fetched by the skill, an agent might follow this link, introducing an additional external content source.
INFO (-5): Template variable in executable paths
Python commands in SKILL.md use the {baseDir} template variable for script paths. This is a standard skill templating pattern resolved by the platform, not a security issue in itself, but it is worth noting because it determines which file gets executed.
INFO (-5): Unrelated skill dependency in lock file
The .clawhub/lock.json references an 'academic-research-hub' skill dependency that has no apparent relation to financial data functionality. Likely a packaging artifact from the author's environment.