ordinals-marketplace

Warn

Audited by Socket on May 8, 2026

2 alerts found:

Security x2

Security: MEDIUM
.clawnet/unsigned-skill.json

This artifact is a signed, packaged “skill”/instruction payload that appears designed to automate an Ordinals marketplace workflow: it fetches remote marketplace/tx data from hardcoded third-party APIs, filters/selects listings based on tags/txouts, and then orchestrates financially consequential actions (buy/lock/cancel/forward) using embedded fee/price and destination/receiver address parameters. The combination of external scraping endpoints and explicit payment-routing/transaction orchestration is a strong indicator of malicious or abusive behavior. Exact malware mechanics (key theft, credential exfiltration) cannot be confirmed because the actual referenced script implementations are not present, but the financial manipulation intent is evident from the embedded instructions.

Confidence: 60%
Severity: 75%

Security: MEDIUM
SKILL.md

The skill is purpose-aligned and mostly coherent for an ordinals marketplace integration, with standard package-manager dependencies and no clear credential theft or covert exfiltration. However, it enables real asset transfers/purchases and includes external CLI/registry block installation paths, so the overall risk is medium-high from financial autonomy and supply-chain trust rather than confirmed malware.

Confidence: 84%
Severity: 71%

Audit Metadata

Analyzed At: May 8, 2026, 05:40 PM
Package URL: pkg:socket/skills-sh/b-open-io%2F1sat-sdk%2Fordinals-marketplace%2F@883d125bc95d36ecf64908f67d3fb4694fc5ffba