massive-api

The skill is coherently scoped as a CLI wrapper for Massive(Polygon) market data with environment-based API key usage and standard HTTP API calls. Data flows and privileges (read-only API access via environment-stored key, network calls to official endpoints, JSON stdout) are proportionate to the stated purpose. The only notable concern is ensuring that logs or error outputs do not inadvertently reveal the MASSIVE_API_KEY, and that dependency updates via npx are trusted and verifiable. Overall, the footprint is BENIGN with a MEDIUM securityRisk due to potential accidental exposure of credentials in logs; no credential forwarding, exfiltration, or unauthorized capabilities are detected.