This appears to be a legitimate stock and crypto analysis skill, but its optional social scanning handles live X/Twitter session cookies and exposes broad local environment secrets to an external CLI.
Review carefully before installing. The safest path is to use stock analysis, portfolio, watchlist, and hot scanning with --no-social, and avoid providing X/Twitter session cookies unless you understand that AUTH_TOKEN and CT0 can act like account access. Do not put unrelated secrets in the skill .env file, restrict file permissions, use a dedicated low-risk X account if social scanning is needed, and treat BUY/HOLD/SELL output as informational rather than trading advice.