blofin-account-manager
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File
The BloFin Account Manager skill is largely coherent with its stated purpose: it provides authenticated access to balance and position data and allows controlled changes to leverage, margin mode, and position mode with user confirmations. The credential-handling pattern (environment-stored API keys) is typical but introduces potential leakage risks if logs or prompts expose secrets. Network flows align with official API usage; ensure endpoints are trusted and TLS is enforced. Overall risk is moderate (securityRisk ~0.55) due to credential exposure potential and the need for stronger logging/audit controls and secret-handling guidance. Consider adding explicit secret handling policies, robust auditing for sensitive changes, rate-limiting/retry logic, and explicit TLS/transport security specifications.