qutedance-quotes

The skill facilitates financial market data retrieval from an external API (quotedance.api.gapgap.cc) and handles authentication via API keys. While the code in scripts/qutedance-quotes.js is functionally aligned with its stated purpose, it is classified as suspicious because it utilizes external network access to a non-standard domain and explicitly encourages the insecure practice of storing API keys in a plain-text configuration file (config.json). These behaviors, while plausibly necessary for the skill's operation, represent risky capabilities and security vulnerabilities in an untrusted bundle.