finflow

SUSPICIOUS: The stated purpose broadly matches financial-data retrieval, but the skill’s footprint is larger than a simple quote/news helper. It installs an only weakly verifiable third-party CLI, reads or auto-extracts browser/Keychain cookies, and can perform authenticated portfolio changes. Data flows to the named finance platforms are plausible, but credential handling and account-action scope are disproportionate enough to warrant caution.