opentrade-market
Audited by Socket on Mar 11, 2026
1 alert found:
Security: The skill’s stated purpose (live on-chain market data access and meme pump analysis) is aligned with its described capabilities, but the installation/initial execution pattern (curl -sSL https://raw.githubusercontent.com/.../install.sh | sh) is a significant security risk due to unverifiable source and download/execute behavior. Data flows involving an explicit user-supplied OPEN_TOKEN for API access are standard for authenticated services, but the unverifiable installer plus lack of verified signatures/checksums markedly increases supply-chain risk. Given the combination of legitimate functionality and a dangerous install pattern, this skill should be classified as SUSPICIOUS with elevated security risk until the installer source is replaced with a verifiable, signed release from an official registry or repository, and the installation process is hardened (pinned versions, checksums, signatures).