pp-yahoo-finance
Utilizes Yahoo Finance CLI for stock quotes, portfolio tracking, and market analysis, enhancing financial data accessibility.
Install this skill
or
80/100
Security score
The pp-yahoo-finance skill was audited on Jun 6, 2026 and we found 4 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 285
Webhook reference - potential data exfiltration
SourceSKILL.md
| 285 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 287
Webhook reference - potential data exfiltration
SourceSKILL.md
| 287 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 231
Access to hidden dotfiles in home directory
SourceSKILL.md
| 231 | Yahoo Finance has no API key — it requires a crumb+cookie handshake. The CLI auto-fetches the crumb on first call and persists cookies to `~/.config/yahoo-finance-pp-cli/`. If your IP is rate-limited |
medium line 273
Access to hidden dotfiles in home directory
SourceSKILL.md
| 273 | Entries are stored locally at `~/.local/share/yahoo-finance-pp-cli/feedback.jsonl`. They are never POSTed unless `YAHOO_FINANCE_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `YAHOO_FINANC |
Scanned on Jun 6, 2026
View Security DashboardGitHub Stars 1.5K
Rate this skill
Categoryfinance accounting
UpdatedJune 24, 2026
claudeclaude-codefrontenddocxgitapidatabasetestingbackendfinancial-analystdata-analystgrowth-marketerfinance accountingdata analyticsmarketing
mvanhorn/printing-press-library