hk-connect

SUSPICIOUS. The stated purpose matches market-data retrieval, but the actual footprint routes all data through a private raw-IP service over plaintext HTTP and forwards an API key there. The local install is harmless, yet the network trust model, hard-coded credential example, and non-TLS data flow make the skill medium-high risk.