Bankr Dev - NFT Operations
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File

The README describes expected NFT marketplace features but omits critical security details (explicit endpoints/trust anchors, wallet signing model, explicit confirmation flows). There is no direct evidence of malware in the provided text, but the capability to move funds combined with missing trust boundaries and unspecified handling of private keys makes this a moderate supply-chain risk. Before trusting or deploying the implementation, require: (1) inspection of bankr-client and related modules, (2) explicit documentation that signing is always performed client-side by user-controlled wallets (no raw key ingestion or upload), (3) explicit endpoints (official marketplace APIs and RPC nodes) and integrity checks (pinned domains, signatures), and (4) interactive confirmation/approval flows for purchases and logging/telemetry privacy guarantees.