finance-news

Warn

Audited by Socket on Feb 27, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This SKILL.md documents a plausible finance-news briefing tool. The file itself contains no executable malicious code, obfuscated payloads, or hardcoded credentials. Primary risks come from delegated trust: required third-party CLIs (gemini-cli, OpenBB, OpenClaw) and the unspecified cron scripts/Dockerfile expand the trusted supply chain and could handle credentials or perform network transfers. Scheduled autonomous delivery to messaging platforms (WhatsApp) and reliance on premium RSS with possible cookies increase exposure if the external tools or delivery gateways are malicious or compromised.

Recommendation: inspect the referenced scripts (cron/*.sh, scripts/*), Dockerfile, and any installation instructions for download/execute patterns, ensure CLIs are installed from trusted sources, limit credential scope and storage (use secrets managers), and prefer direct, documented API endpoints over opaque gateway services.

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Feb 27, 2026, 01:20 PM
Package URL: pkg:socket/skills-sh/sundial-org%2Fawesome-openclaw-skills%2Ffinance-news%2F@29850fe78f96d635db4e32fb7cce48a891bbf05b