quantai-service

SUSPICIOUS. The skill’s quant-research behavior is internally coherent, but it relies on an unverifiable third-party service hosted at a raw AWS IP over plain HTTP. That creates meaningful confidentiality and integrity risk for uploaded plugin/strategy code and for downloaded logs/code that the agent then acts upon. No direct credential harvesting or malware is evident, but the transport and ownership model are not trustworthy enough to consider benign.