opentrade-market

SUSPICIOUS. The skill’s market-data purpose largely matches its commands, but it requires executing a remotely installed CLI and forwarding API credentials to that binary. Same-org GitHub hosting and checksums reduce the chance of outright malware, yet the mutable curl|sh installer plus unverifiable binary/credential path make the overall risk high.