aicoin

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is functionally coherent with its stated purpose (crypto data and trading control) but carries substantial security risk because it requires raw API keys and bot credentials and exposes actions that can place trades, transfer funds, and control a trading bot. The primary risks are (1) credential forwarding/exposure to third-party libraries or endpoints, (2) high-impact autonomous trading actions if used by an automated agent without per-action human approval, and (3) supply-chain risk from required third-party packages (ccxt). There is no direct evidence of obfuscation or embedded malware in the provided documentation, but because implementation code is not included, hidden exfiltration or unsafe logging cannot be ruled out. Recommend treating this skill as high-risk for automated use: require least-privilege keys, prefer read-only keys for data queries, require explicit human confirmation for trading/transfer actions, audit runtime dependencies, and inspect implementation to ensure direct calls to official endpoints and safe handling of credentials.

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Mar 3, 2026, 01:06 AM
Package URL: pkg:socket/skills-sh/bbx-com%2Faicoin-skills%2Faicoin%2F@2b45d3be4cd3b5713190f84acb55b2e0509f12a1