📦 Massive(Polygon) — Massive(Polygon...工具

Name: Massive(Polygon) — Massive(Polygon...工具
Rating: 2

v1.0.5

[AI辅助] Access Massive(Polygon) stock, crypto, forex, options, indices, futures, market data, and news APIs via CLI.

2· 687·0 当前·0 累计

by @bruce-shi (Bruce Shi)·MIT-0

API工具开发工具数据分析 AI模型访问

下载技能包

License

MIT-0

最后更新

2026/4/12

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

The skill is internally consistent with its stated purpose: it documents using the 'massive' npm CLI via npx and only requires the MASSIVE_API_KEY and npx; however you should verify the npm package origin before running arbitrary npx installs.

评估建议

This skill appears coherent for calling Massive/Polygon APIs via the 'massive' CLI, but it invokes code via 'npx' which downloads/executes the 'massive' package from npm at run time. Before using: 1) Confirm the npm package name ('massive') and publisher are legitimate (check npmjs.com and the package's repository), since the registry metadata lists no source/homepage. 2) Review the package source (or pin a specific version) rather than blindly running npx --yes. 3) Limit the MASSIVE_API_KEY sco...

详细分析 ▾

ℹ 用途与能力

Name/description, required binary (npx), and required env var (MASSIVE_API_KEY) align with a CLI wrapper for Massive/Polygon market data. Minor note: registry metadata lists source/homepage as unknown while SKILL.md references massive.com — verify the upstream package and publisher.

✓ 指令范围

Runtime instructions are limited to invoking 'npx --yes massive <command>' and reference only API-related commands. The SKILL.md does not instruct reading unrelated files or accessing other credentials.

ℹ 安装机制

This is an instruction-only skill that relies on npx at runtime. npx will fetch and execute code from the npm registry on demand — expected for a CLI but a moderate operational risk if the npm package or its maintainer is untrusted.

✓ 凭证需求

Only a single credential (MASSIVE_API_KEY) is required and declared as primary. No unrelated secrets, files, or config paths are requested.

✓ 持久化与权限

Skill does not request persistent/always-on privileges and uses default autonomous invocation settings. It does not modify other skills or system configs.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.52026/2/17

- Updated CLI usage instructions to require the --yes flag with npx. - No changes to command functionality; documentation improvements only.

● 可疑

安装命令

点击复制

官方npx clawhub@latest install massive-skill

镜像加速npx clawhub@latest install massive-skill --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库