finance-skills

SUSPICIOUS. The finance purpose and local stdlib-only scripts are coherent and there is no evidence of credential access, exfiltration, or malicious data routing. Risk comes mainly from the recommended npx-based third-party installer and transitive skill installation path, which are broader than necessary for a simple finance skill.