funding-signal-monitor

SUSPICIOUS: the core monitoring purpose is plausible, but the footprint is broader than necessary because it forwards an Apify token to external marketplace actors and chains into downstream outreach skills. No confirmed malware or overt exfiltration appears in this skill file, yet third-party credential use, unspecified local helper scripts, and transitive trust make the skill medium-to-high risk.