The skill is a coherent stock-analysis tool, but its optional social scanners handle sensitive X/Twitter session credentials and environment variables too broadly.
Install only if you are comfortable with a finance tool that contacts Yahoo Finance, CoinGecko, Google News, Reddit, SEC sources, and optionally X/Twitter. Avoid the X/Twitter social scanners unless you understand that AUTH_TOKEN and CT0 are sensitive session credentials; keep .env out of version control, store only the needed values, and rotate/revoke them if exposed. Portfolio and watchlist files persist locally and ticker interests may be sent to third-party market-data services. Treat all trading signals as informational, not financial advice.