@349/bybit

Purpose and requested Bybit credentials are internally consistent, and the network model appears to be direct exchange access via CCXT rather than a credential-harvesting proxy. The main risk is that this skill authorizes an AI agent to perform real financial trading, plus it forwards secrets through third-party library code and uses an unpinned dependency. Overall this is not confirmed malware, but it is a high-risk trading skill.