okx-wallet-portfolio

SUSPICIOUS: the skill's purpose and data flows are mostly coherent for portfolio lookup, and the installer is same-org, tag-pinned, and checksum-verified. However, it still relies on installing and running an external CLI/binary that may receive wallet data and optional personal API credentials, which is a disproportionate trust requirement compared with a simple read-only balance skill and creates notable supply-chain and credential-forwarding risk.