trading

SUSPICIOUS: the skill's capabilities fit its stated trading purpose and the npm install source appears legitimate, but it enables autonomous high-impact financial actions and requires a raw wallet private key plus API credentials routed through a centralized managed-custody API. This is not confirmed malware, but it is a high-risk skill that should only be used with strict user approval and strong key-isolation controls.