portfolio

SUSPICIOUS: the skill is coherent with its stated crypto portfolio purpose, but it carries substantial security risk because it executes a third-party CLI from a mutable npm tag and can perform autonomous financial transactions after authentication. This looks more like a high-risk wallet/trading integration than malware, but it should only be used with explicit per-action approval and strong trust in the StarkFi service stack.