ave-trade-proxy-wallet

The skill's footprint is coherent with its stated purpose of proxy-wallet trading via AVE's cloud API. The primary security considerations arise from server-side custody of keys, reliance on environment-stored credentials, and multiple network data flows (REST + WebSocket) that carry sensitive order and wallet information. Overall risk is MEDIUM (securityRisk ~0.55) with low likelihood of malware but notable credential exposure and data-flow considerations. Recommend ensuring strict secret handling, scoped credentials, audited access controls, TLS everywhere, and minimal logging of sensitive fields during REST/WebSocket interactions. No unverifiable binaries are present; no direct credential forwarding to unknown binaries is indicated. Monitoring for credential leakage and robust incident response should be in place when using proxy-wallet architectures.