bankr

Fail

Audited by Socket on Feb 20, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected.

Benign overall with normal risk considerations for a financial trading integration. The skill footprint (prompt handling, API-key-based auth, and API-driven actions) is coherent with its stated purpose. Critical improvements should include explicit per-command permissions, user-confirmation prompts for high-stakes actions (e.g., token deployment, raw transactions), secure handling and rotation of API keys, audit logging, input validation, and rate limiting to mitigate operational and financial risk.

LLM verification: The SKILL.md itself contains no code-level evidence of malware or obfuscation; it is a high-level manifest describing powerful financial operations mediated by the external Bankr service. The principal security risk stems from centralizing powerful credentials (BANKR_API_KEY) with an external service and enabling raw transaction forwarding and automated fund-moving features without documented least-privilege controls or confirmation safeguards. Recommend: do not provide a full-custody API key wi

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 20, 2026, 08:52 PM
Package URL: pkg:socket/skills-sh/alsk1992%2Fcloddsbot%2Fbankr%2F@2bd513174c00f60818342b04265fa40dcfbf5e79