wolf-howl

SUSPICIOUS. The core analytics behavior matches the stated purpose, but the footprint includes autonomous scheduled execution, outbound Telegram messaging, and reliance on a third-party CLI that can receive tokens and broker MCP connections. This is not confirmed malware, yet it presents meaningful security risk for a live trading environment due to credential-forwarding and automation trust boundaries.