hodlmm-signal-allocator

SUSPICIOUS: the skill is internally coherent for a DeFi allocator and uses broadly plausible same-ecosystem dependencies, so it is not confirmed malware. However, it gives an agent the ability to execute mainnet token swaps based on third-party signals, creating high real-world financial risk and meaningful manipulation/prompt-abuse exposure.