← 返回 Skills 市场
oscraters

IEX Cloud CLI

作者 oscraters · GitHub ↗ · v1.0.1
cross-platform ✓ 安全检测通过
376
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install iex-cloud
功能描述
Use this skill when a task needs IEX Cloud market data through the REST API (quotes, charts, fundamentals, market lists, and batch calls), including secure t...
使用说明 (SKILL.md)

IEX Cloud

Overview

This skill provides an operational workflow for IEX Cloud API usage in OpenClaw tasks:

  • selecting the right endpoint for market-data requests
  • building valid authenticated requests
  • handling API and transport errors
  • running repeatable calls through a local Bash CLI

Quick Start

  1. Preferred for OpenClaw: store the token at skills.entries.iex-cloud.apiKey and back it with a SecretRef via openclaw secrets configure.
  2. For direct shell use outside OpenClaw, set export IEX_TOKEN=....
  3. Compatibility fallback: export IEX_CLOUD_TOKEN=....
  4. Read endpoint/parameter guidance in references/api_docs.md.
  5. Use scripts/iex_cloud_cli.sh for reliable calls.

Example:

scripts/iex_cloud_cli.sh quote AAPL
scripts/iex_cloud_cli.sh chart AAPL 1m
scripts/iex_cloud_cli.sh movers mostactive

Workflow

  1. Classify request type:
  • latest quote: quote
  • historical bars: chart
  • company/fundamentals: company, stats
  • market movers: movers
  • multi-symbol pulls: batch
  1. Validate required parameters before call dispatch.
  2. Execute request with token auth and timeout.
  3. Validate response class:
  • HTTP failure / transport failure
  • JSON payload containing API error fields
  • empty or malformed payload
  1. Normalize output downstream as needed.

Authentication and Safety

  • Primary token env var: IEX_TOKEN.
  • Compatibility token alias: IEX_CLOUD_TOKEN.
  • In OpenClaw, prefer skills.entries.iex-cloud.apiKey with SecretRefs over plaintext config.
  • Do not hardcode tokens in source files.
  • Do not print full token values in logs.
  • Prefer query parameter token=... when using these endpoints.
  • The CLI accepts only trusted IEX API hosts for base URL overrides and warns when a non-default trusted override is used.
  • raw calls are limited to relative IEX API paths. Do not pass full URLs.

Reliability Guidance

  • Use bounded timeouts (curl --max-time in CLI).
  • Handle non-2xx responses as hard failures.
  • Validate symbol, range, and list-type inputs early.
  • For large jobs, use batch endpoints where possible.
  • If you modify IEX_BASE_URL or pass --base-url, expect a warning so the change is visible during review.

OpenClaw Secrets Management

  • OpenClaw can inject this skill's API key from skills.entries.iex-cloud.apiKey for each agent run.
  • Secret refs are preferred over plaintext because the resolved secret wins at runtime and plaintext is ignored.
  • Recommended operator flow:
    • openclaw secrets audit --check
    • openclaw secrets configure
    • openclaw secrets audit --check
  • For direct shell usage outside OpenClaw, export IEX_TOKEN in your shell instead.

Included Files

  • scripts/iex_cloud_cli.sh: Bash CLI for common endpoints and raw calls.
  • scripts/README.md: CLI usage examples and command reference.
  • references/api_docs.md: operational endpoint reference and guardrails.

Resources

安全使用建议
This skill appears to do what it says: a small Bash CLI that sends your IEX token to the documented IEX Cloud endpoints. Before installing or running: prefer injecting the token via OpenClaw secret refs (skills.entries.iex-cloud.apiKey) rather than exporting it in plaintext; inspect the scripts yourself first; when running locally avoid passing the token via --token on shared systems (it may be visible in process lists/command history); consider using the sandbox base URL with a sandbox token while you validate behavior; rotate tokens if you expose them during testing. The skill enforces trusted hosts and rejects full URLs for raw calls, which reduces but does not eliminate risk—review and run only if you trust the repository/source.
功能分析
Type: OpenClaw Skill Name: iex-cloud Version: 1.0.1 The OpenClaw AgentSkills skill bundle for IEX Cloud is classified as benign. The `scripts/iex_cloud_cli.sh` script implements robust security controls, including strict whitelisting of trusted IEX API hosts (`cloud.iexapis.com`, `sandbox.iexapis.com`) for the base URL, preventing Server-Side Request Forgery (SSRF). It also performs strong input validation for `raw` API paths, rejecting full URLs, path traversal (`..`), and query string injection. Token handling is secure, relying on environment variables and passing tokens as URL-encoded query parameters. The `SKILL.md` and other documentation files consistently outline these security guardrails and do not contain any prompt injection attempts. Furthermore, the `scripts/validate_registry_metadata.py` script actively verifies the presence and enforcement of these security measures, indicating a deliberate secure design.
能力评估
Purpose & Capability
Name/description, registry metadata, SKILL.md, and the included scripts all focus on IEX Cloud REST calls. Required binary (curl) and required env var (IEX_TOKEN) match the implementation; optional jq and IEX_BASE_URL are documented and used only for allowed overrides.
Instruction Scope
SKILL.md instructs the agent to use the provided Bash CLI and OpenClaw secret injection, to avoid hardcoding tokens, and to validate inputs. The runtime script only accesses the declared env vars and enforces limits (trusted hosts, relative raw paths, no query chars in raw path). There are no instructions to read unrelated files or exfiltrate data to third-party endpoints.
Install Mechanism
There is no install spec (instruction-only skill) and included files are plain Bash/Python source in the repo. Nothing is downloaded from arbitrary URLs and no archives are extracted—low install risk.
Credentials
Only IEX_TOKEN (plus a documented compatibility alias IEX_CLOUD_TOKEN and optional IEX_BASE_URL) are requested. These variables are directly required to call the IEX API and are proportionate to the skill's function.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill configuration changes. It does not modify other skills' configs or require persistent presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install iex-cloud
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /iex-cloud 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added OpenClaw metadata and homepage fields in SKILL.md for enhanced integration and discoverability. - Introduced explicit guidance for OpenClaw secrets management and agent token injection. - Updated authentication documentation to clarify environment variable precedence and security practices. - Improved CLI documentation with warnings and guardrails for trusted base URL overrides. - Added two files: registry-metadata.json and scripts/validate_registry_metadata.py.
v1.0.0
- Initial release of iex-cloud skill for IEX Cloud API integration. - Provides authenticated access to market data (quotes, charts, fundamentals, movers, batch). - Includes secure token handling via environment variables. - Features a Bash CLI script for making and repeating API calls. - Offers workflow guidance for endpoint selection, parameter validation, error handling, and response normalization. - Supplies operational references and usage documentation.
元数据
Slug iex-cloud
版本 1.0.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

IEX Cloud CLI 是什么?

Use this skill when a task needs IEX Cloud market data through the REST API (quotes, charts, fundamentals, market lists, and batch calls), including secure t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 376 次。

如何安装 IEX Cloud CLI?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install iex-cloud」即可一键安装,无需额外配置。

IEX Cloud CLI 是免费的吗?

是的,IEX Cloud CLI 完全免费(开源免费),可自由下载、安装和使用。

IEX Cloud CLI 支持哪些平台?

IEX Cloud CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 IEX Cloud CLI?

由 oscraters(@oscraters)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论