scorpion-tracker

SUSPICIOUS. The skill’s capabilities match its stated purpose as an automated trading agent, and the install source is same-org and likely legitimate, but it still enables high-risk autonomous financial actions, uses unpinned raw-file installs, and forwards credentials into scheduled command execution. This looks more like a high-risk trading skill than credential-stealing malware.