signals
Warn
Audited by Socket on Apr 20, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: The skill is broadly aligned with publishing and consuming trading signals, but it carries medium-high security risk because it stores a high-privilege Bankr API key locally, forwards signing authority to a third-party service, and instructs the agent to periodically fetch and follow mutable remote heartbeat content. No clear malware or overt exfiltration beyond the stated workflow, but the autonomy and credential-forwarding footprint is larger than a read-only signal skill.
Confidence: 87%
Severity: 72%
Audit Metadata