okx-cex-skill-mp

SUSPICIOUS: the stated marketplace-management purpose broadly matches the behavior, but the actual footprint is riskier than a simple discovery skill. The npm package-name mismatch undermines installer trust, and the main capability is transitive installation of downstream skills into all detected agents via `npx skills add`. This is not confirmed malware, but it is a high-risk skill-management bootstrapper with meaningful supply-chain and trust-chain concerns.