stock-analysis

SUSPICIOUS. The core stock-analysis workflow is broadly coherent and mostly benign, with normal local storage and public-data lookups. The main security concern is the optional Twitter/X integration: it installs a third-party npm CLI and forwards session tokens via .env, which is a meaningful credential-forwarding risk disproportionate to the skill’s primary purpose.