polyclaw

SUSPICIOUS: The skill is purpose-aligned and uses mostly official endpoints and a legitimate installer, but it is inherently high risk because it gives an AI agent autonomous financial trading capability and requires a raw private key. The optional proxy path and third-party OpenRouter usage add medium data-handling risk, though there is no clear evidence of hidden exfiltration or malware.