ibkr-api-skill

SUSPICIOUS: The skill is broadly aligned with IBKR integration, and most data flows match official IBKR local/API patterns. However, it enables autonomous financial actions and depends on third-party broker-connected components (`ib_async` and especially an unverified MCP server), making the overall risk medium-high despite no clear evidence of overt malware or credential exfiltration.