gmx-v2-plugin

The skill is broadly aligned with its stated GMX trading purpose and data flows are mostly proportionate, but it carries medium security risk because it installs remote code, pulls a binary/launcher from GitHub releases, installs other skills transitively, and can execute real financial transactions. This looks more like a high-impact trading plugin with supply-chain and operational risk than malware.