spot

SUSPICIOUS: The skill is purpose-aligned and uses official HTX endpoints with no evident supply-chain or exfiltration behavior, but it enables high-impact financial actions and instructs the agent to store live API secrets in a local file. The main risk is autonomous crypto trading capability plus local credential handling, not malware or deceptive data routing.