deepbook-cli
Audited by Socket on Feb 18, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

This skill appears to be a legitimate CLI for DeepBook trading and configuration: capabilities line up with the stated purpose. No explicit malicious code or obfuscated payloads are present in the provided documentation. However the tool accepts raw private keys and allows user-configurable network endpoints, which are legitimate features for a blockchain CLI but create significant attack surface if misused or if endpoints are malicious. Treat this skill as operationally sensitive: review the implementation to ensure keys are stored securely, network endpoints are validated or documented to official providers, and CLI output never emits secrets. Overall: no direct evidence of malware, but moderate security risk due to private key handling and configurable endpoints.

LLM verification: No direct evidence of malicious code or obfuscation is present in the provided documentation fragment. The primary risks are insecure secret handling patterns (private keys via CLI flags and possible persistence to plain config files), and unconstrained, user-configurable network endpoints that can be used to redirect signed transactions or credentials to attacker-controlled services. The distribution method via npm is a supply-chain consideration; users should verify package provenance and pref