This stock-data skill matches its stated purpose, but it should be reviewed because it handles API tokens in unsafe ways and ships documentation containing credential-like admin details.
Review this skill before installing. Use it only if you trust the StockToday backend and publisher, avoid highly privileged tokens where possible, and consider overriding or disabling plaintext backup URLs. The publisher should rotate any admin key or database credential-like values disclosed in release notes, remove HTTP fallback defaults, make update checks opt-in, and change token_info to use only the configured current token unless an explicitly secured admin mode exists.