Tmp.QxTMN6G9ww

The skill requires users to provide highly sensitive Credit Karma session cookies (`CK_COOKIES`) and includes a script (`npm run auth`) to capture them via a browser profile, as documented in SKILL.md. While the stated purpose is local financial analysis, the handling of full session tokens and the execution of an external npm package (creditkarma-mcp) pose a significant risk of credential theft or data exfiltration if the package is compromised.