US Stock Analyzer

What to check before installing: - Clarify the FMP_API_KEY requirement: registry metadata marks it required but SKILL.md and code treat it as optional. If you don't need enhanced FMP financials, you can run with only Yahoo data. Avoid setting a sensitive API key globally until you confirm it's necessary. - Inspect config.yaml and the scripts (already present) to confirm no hidden endpoints; this package uses Yahoo (yfinance) and FinancialModelingPrep (requests to their API). Those are expected for this tool. - The install metadata incorrectly lists that the packages create a 'python3' binary — treat that as a metadata bug, not evidence of hidden installers. Still, install packages from PyPI only and prefer creating an isolated virtualenv before pip installing. - Network behavior: the skill makes outbound HTTP requests to public financial APIs (yfinance and FMP). If you must keep data local or avoid network calls, do not run it or run in an isolated environment. - If you will provide an FMP API key, consider using a scoped API key, storing it in a restricted environment (not a shared machine env), and verifying the code does not log or persist the key anywhere unintended. - If the metadata inconsistencies worry you, ask the publisher to: (1) mark FMP_API_KEY as optional or required consistently, (2) fix the install 'bins' metadata, and (3) document exactly what data is sent to external APIs. If those are corrected, the package looks coherent for its stated purpose. Confidence notes: assessment is “suspicious” (medium confidence) because the functional code matches the description but metadata/instruction mismatches could lead to accidental credential exposure or user confusion; no evidence of malicious intent was found in the code itself.