polyhub_copy

SUSPICIOUS: the skill’s capabilities mostly match its stated trading purpose, but it enables high-impact financial actions and sends the user’s API key to a fixed test/dev-looking API host whose official provenance is not well verified by the supplied evidence. This is not confirmed malware, but it is a high-risk skill due to autonomous trading potential and weak endpoint trust.