shark

SUSPICIOUS. The skill’s behavior is mostly aligned with its stated purpose, but that purpose is high-risk autonomous leveraged trading. The biggest concerns are autonomous real-world financial actions and credential forwarding into a third-party CLI (`mcporter`) whose provenance is not same-org or pinned in the skill. No clear evidence of credential theft or unrelated exfiltration is shown, so this is not confirmed malware, but it is a high-risk trading automation skill.