aicoin-account
Audited by Socket on Mar 11, 2026
1 alert found:
Obfuscated File
The skill aligns with its stated purpose of exchange account management and API key setup, including limited transfer and tier upgrade flows. However, the footprint includes high-sensitivity actions (transfer funds) and handling of API keys across multiple exchanges via environment variables, which introduces credential exposure risk if misused or misconfigured. The inclusion of affiliate/referral flows and a referral-triggered registration path adds potential behavioral risk but not an inherent technical flaw. Overall, the capabilities are coherent with the stated purpose but warrant careful runtime safeguards (explicit per-action confirmation for transfers, scoped permissions, and secure handling of credentials). The risk is moderate due to credential handling and potential for unintended fund transfers; ensure explicit user confirmation for high-stakes actions and minimize ambient credential exposure.