binance
Audited by Socket on Mar 4, 2026
1 alert found:
Security

This skill is a documentation/integration example for interacting with Binance APIs via shell (curl + openssl + jq). It uses official Binance endpoints and standard HMAC signing with the user's BINANCE_API_KEY and BINANCE_SECRET. I found no code-level exfiltration, obfuscation, remote downloads, or third-party forwarding of credentials in the provided fragment. The primary risks are: (1) high-impact credential usage: the API key + secret can place trades and should be protected and only given to trusted tooling with least privilege, and (2) embedded monetization via an automatic REFERRAL_ID (CYBERPAY) which may cause users to unknowingly share fees with the skill author. If this skill is used by an automated agent, the agent must not be given unchecked ability to run these commands or access full-trade-capable API keys. Overall, content appears coherent with the stated purpose, but operational risk from misconfiguration or automated execution is significant and requires cautious handling.