Query free financial data APIs — stocks, crypto, macro, SEC filings
Security Analysis
Medium confidence
The skill's declared requirements and runtime instructions match its stated purpose (a CLI wrapper around free financial data sources); nothing requested or instructed is disproportionate, but the npm install step is the main external risk to vet before installing.
Name/description (query free financial data) align with the declared binaries (node + omd) and the SKILL.md usage examples. The omd CLI is the expected tool for this purpose and the SKILL.md documents the data sources the CLI uses.
SKILL.md only instructs the agent to run the omd CLI, configure API keys (env or CLI), and query listed public data sources. It does not instruct reading unrelated files or exfiltrating arbitrary system data.
Install uses an npm package (kind: node, package: open-market-data) that creates the omd binary. npm-based installs are common and coherent here, but they run code from the package registry (moderate trust requirement). There are no in-repo code files to inspect in this skill bundle, so the actual package contents were not analyzed.
SKILL.md documents optional API keys (FRED, CoinGecko, Finnhub, AlphaVantage) and an EDGAR_USER_AGENT; none are declared as required by the registry, which is reasonable. The listed env vars are proportional to a data-aggregator CLI that can use multiple upstream providers.
The skill does not request always:true and does not declare system-wide config modification. disable-model-invocation is false (normal) so autonomous invocation is allowed by platform default — no additional persistence privileges were requested.
Guidance
This skill appears coherent: it wraps a CLI (omd) for public financial APIs and documents optional API keys. However, the install step pulls an npm package — npm packages can execute code during install and are not pre-reviewed here. Before installing, verify the npm package and upstream GitHub repository (SKILL.md points to https://github.com/anotb/open-market-data) for legitimacy and the expected version. Prefer creating/using only the specific API keys you need, and avoid exposing high-privilege credentials. If you need stronger assurance, fetch and inspect the npm package contents (or the upstream repo) before installation or run the install in an isolated environment.
Latest Release
v0.1.0
Initial release — 8 providers, 13 commands, auto-routing with fallback
Published by @anotb on ClawHub