Akshare

The skill bundle is generally benign, providing access to Chinese financial data via the AKShare library. However, the `scripts/get_stock_history.py` file contains a potential path traversal vulnerability. It constructs an output filename using unsanitized command-line arguments (`symbol`, `start_date`, `end_date`), which could allow an attacker to write the generated CSV file to an arbitrary location on the filesystem if they can control these inputs. This is a vulnerability due to lack of input sanitization, not an indication of intentional malicious behavior like data exfiltration or backdoor installation.