stock-report

SUSPICIOUS: the stated purpose is plausible for a stock-report skill, but the actual execution depends on an unverifiable local Python script in a personal directory. There is no confirmed malware or explicit credential theft in the visible skill text, yet the core behavior cannot be audited and the broad Bash execution scope is disproportionate to a simple reporting wrapper.