FinResearchClaw

The skill bundle automates finance research by cloning and executing code from an external GitHub repository (https://github.com/ChipmunkRPA/FinResearchClaw). The scripts scripts/install_or_update.sh and scripts/run_finance_example.sh perform high-risk operations, including fetching remote code and installing it into a Python environment via 'pip install -e .'. While these actions are consistent with the stated purpose in SKILL.md, the inherent risk of executing unverified remote code constitutes a significant attack surface for remote code execution (RCE).