Finance Watcher

The skill is a self-contained Node CLI that fetches CoinGecko and Yahoo Finance data, writes a local config, and requires no credentials; its code, install spec, and runtime instructions are coherent with the stated purpose and show no signs of data-exfiltration or unrelated privileges.

This package appears coherent and limited to its described purpose, but remember: npm packages run code on your machine. Before installing, verify the package provenance (npm registry page, author, repository), review the package source if the registry entry is unavailable, and consider installing/running it in an isolated or non-privileged environment. Run 'npm audit' and keep dependencies up to date. Note functional caveats: the CLI stores its config at ~/.config/finance-watcher, the 'stock' vs 'stocks' key is inconsistent (may create duplicate keys), and alert triggers are not persisted back to disk in the current code — the tool does not send alerts to Slack/Feishu by itself. If you need guarantees about network endpoints or supply-chain provenance, obtain the package from a verified source or inspect the repository history before use.