blave-quant

Fail

Audited by Socket on Mar 11, 2026

2 alerts found:

Obfuscated File, Anomaly

Obfuscated File: HIGH
SKILL.md

The skill's footprint is broadly coherent with its stated purpose: it orchestrates a Blave CLI to fetch market/news data and account information. However, there are minor security gaps: potential command-injection risk if inputs are unsanitized, and credential handling for Hyperliquid access is not described. No unmanaged binaries or external code downloads are evident. Overall risk is low-to-moderate (benign-to-suspicious), with recommended tightening around input sanitization and explicit credential management practices.

Confidence: 98%

Anomaly: LOW
README.md

The installation guidance presents operational risks rather than explicit malicious code. Key concerns are credential handling, editable installs, privileged system modifications, and missing integrity checks. Recommend trusted sourcing, minimizing privileged steps, securing credentials, and implementing verifiable installation practices before use.

Confidence: 68%
Severity: 65%

Audit Metadata
Analyzed At: Mar 11, 2026, 01:17 PM
Package URL: pkg:socket/skills-sh/blave-tw%2Fblave-quant-skill%2Fblave-quant%2F@7900828dada99c64777a8509944d04d8accd1640