crypto-trader
Audited by Socket on Feb 24, 2026
1 alert found:
Security: The skill's stated purpose aligns with requesting API credentials and network access in principle, but the combination of broad, high-impact capabilities (transfers, cross-chain bridges, contract deployment, minting), explicit requirement for a general network tool (curl), and raw API secret access is disproportionate without stricter controls. There is no direct evidence in the provided fragment of embedded malware or explicit exfiltration code, but the footprint is high-risk: a compromised implementation or a malicious downstream component could easily exfiltrate keys or perform unauthorized transactions. Recommend treating this skill as suspicious: require least-privilege API keys, explicit and auditable per-action confirmations, whitelist official endpoints/SDKs, and avoid giving an agent unattended permissions to perform irreversible operations.