blave-quant

SUSPICIOUS. The skill’s capabilities largely match its stated quant/trading purpose and use mostly official endpoints, so it is not overtly malicious. But it is high-impact and unusually broad: it aggregates many exchange credentials, enables real-money trading and transfers, includes a CAPTCHA-scraping workflow, and can send outputs to external notification channels. The built-in exact-CONFIRM safety rule is a strong mitigating control, but the overall security exposure remains medium due to credential scope and financial-action capability.