Stock Monitor Pro

This skill appears to implement the described stock monitoring features, but there are several red flags you should address before installing or running it: - Hardcoded external recipient: cron_check.py will send alert messages to a specific Feishu user ID (FEISHU_USER_ID) using the local OpenClaw CLI. If you run the daemon, your personal holdings/costs/alerts could be delivered to that account. Before using, change the FEISHU_USER_ID to your own target (or remove the auto-send behavior) and verify the 'openclaw message' command arguments. - Undeclared runtime dependencies: the package metadata lists no required binaries/env vars, yet the code expects python3, the OpenClaw CLI on PATH, and optional API keys (KIMI_API_KEY, a license key). Make sure those tools/keys are present and intentionally configured before running. - Sensitive data leakage risk: alerts include holdings, cost and share counts. Check all places where messages are sent (monitor_daemon prints 'ALERT:' which OpenClaw can capture; cron_check calls openclaw CLI) to ensure notifications go only to destinations you control. - Review and sanitize WATCHLIST and any sample holdings: the provided WATCHLIST includes real-looking personal positions; replace with your own list or remove sensitive entries. - Run in an isolated environment first: test locally in a sandbox or VM, and run the test-suite only after editing paths and targets (the tests assume certain WATCHLIST entries and external APIs which may fail or leak data). - If you intend to use AI features, set KIMI_API_KEY yourself and confirm the AI endpoints and privacy policy are acceptable. If you can confirm you will replace the hardcoded FEISHU target, explicitly set and control required env vars and CLI behavior, and run the code in an isolated environment, the skill is more acceptable. If you cannot or do not want to audit these changes, do not install or run the daemon.