stock-rt-subscribe
Audited by Socket on Mar 30, 2026
2 alerts found:
Anomaly (x2), SUSPICIOUS: the skill's capabilities mostly match its stated stock-streaming purpose, and dependency installs are benign PyPI usage. The main risk is data-flow trust: both market data and an optional auth token are sent to an arbitrary user-specified receiver node over plain HTTP, so confidentiality and endpoint legitimacy cannot be verified from the skill alone.
This fragment appears to be a legitimate, configurable alert engine with meaningful integration-driven security risks rather than self-contained malware. The main risk drivers are (1) execution of an externally supplied MCP fetch callback (arbitrary code execution depending on integrator trust), and (2) configurable outbound webhook delivery of alert content to an attacker-controlled URL if configuration/integration is compromised. File logging to a configurable path and inclusion of derived context in logs/prints can also contribute to data leakage. Absent a hostile integrator/config, direct malicious payload likelihood is low.