coinstats-portfolio

Warn

Audited by Socket on Mar 19, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The stated purpose mostly fits portfolio management, but the installation source is not internally consistent with CoinStats’ documented official package, and the skill forwards a sensitive API key into that CLI while also permitting destructive account changes. This is not confirmed malware, but the package provenance mismatch and credential forwarding make the skill higher risk than a normal API-integration skill.

Confidence: 84%
Severity: 76%

Audit Metadata

Analyzed At: Mar 19, 2026, 10:10 PM
Package URL: pkg:socket/skills-sh/coinstatshq%2Fcoinstats-cli%2Fcoinstats-portfolio%2F@2327c238d6656e480c668050037c73a2c63bdb80