smart-dca-bot

SUSPICIOUS. The skill’s core trading capabilities align with its stated Coinbase DCA purpose, and the install path shown is a normal pip/local-Python workflow rather than a malicious download-execute chain. The main risk comes from autonomous financial actions, powerful exchange credentials, and an additional Seren scheduling control plane whose exact public verification is limited. This looks more like a high-risk trading automation skill than confirmed malware.