opentrade-dex-swap

SUSPICIOUS. The trading purpose matches the swap/quote capabilities, but the trust model is weak: the skill repeatedly installs an unverifiable external CLI via raw GitHub pipe-to-shell and then feeds it API credentials and trading data. Because it facilitates real financial actions and credential forwarding through a black-box tool, overall security risk is high even without proof of outright malware.