finance-news
Audited by Socket on Jun 12, 2026
2 alerts found:
Anomalyx2No direct evidence of overt malware is visible in this YAML fragment (no explicit backdoors, credential stealing primitives, or suspicious network destinations beyond the intended messaging). The dominant risk is supply-chain and trust-boundary expansion: it executes host-provided scripts/config (via SKILL_DIR and optional host binary mounting), injects sensitive KIMI_* secrets into the Dockerized generator, and automatically transmits un-sanitized generated message fields to external messaging targets with only minimal gating. Treat as a moderate-to-high security risk that warrants hardening (approval gate for cron, stronger JSON/message validation and redaction controls, and locking down SKILL_DIR/mounted artifacts and binaries).
SUSPICIOUS. The skill’s capabilities largely match its finance-news purpose, and the referenced supporting tools appear mostly legitimate, but the main `finance-news` CLI is not sourced or verified in the provided content. Automated WhatsApp/Telegram delivery and scheduled execution are proportionate but raise moderate operational risk. No clear credential harvesting or covert exfiltration is evident from the snippet alone.