Financial Advisor
Security checks across malware telemetry and agentic risk
Overview
The skill claims to be an instruction-only financial analysis tool, but its runtime instructions and included files request resources and behaviors that are inconsistent or under-specified: the Python runtime is not declared, the API keys it needs are not declared, and it ships an encrypted backup blob. Review the code and run it in a sandbox before using it.
Key things to check before installing or running this skill:
1) Code audit: Inspect the scripts (fetch_*, data_fetcher_manager, search_service, setup_dependencies.py) for hardcoded URLs, secrets, or code that exfiltrates files to external servers. Look for requests.post/put to domains that aren't well-known data providers.
2) Environments and credentials: Expect to need Python and to provide API keys for services like Tushare, Alpha Vantage, IEX Cloud, or any private Tencent endpoints. Do not supply any high-privilege or shared credentials; create separate limited tokens for testing.
3) Encrypted/backed-up content: The SKILL.md.bak contains a large base64/encrypted blob — decode and inspect its contents before running anything. If you cannot decode it or it contains binaries, treat it as unsafe.
4) Sandbox/testing: Run the skill only in an isolated environment (container/VM) with no access to sensitive files or credentials, and monitor outbound network traffic to spot unexpected endpoints or volumes of data being sent out.
5) Dependencies and setup: Review setup_dependencies.py to understand what packages will be installed and whether any pip/install commands pull code from untrusted hosts. Prefer to install dependencies manually after review.
6) Data-source verification: Confirm which data sources the scripts will call and whether their usage complies with terms of service. For paid services (Tushare Pro, IEX Cloud), ensure tokens are scoped and rate-limited.
7) If you need guarantees: Prefer skills from known authors/projects or ones that explicitly declare required binaries, environment variables, and trusted release sources. Given the unknown origin and the encrypted backup, treat this skill as high-risk until its code and the encrypted content are verified.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
