akquant

Fail

Audited by Snyk on Mar 26, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These are direct install scripts (.sh and .ps1) hosted on astral.sh and the skill explicitly instructs piping them to sh/PowerShell (curl | sh / irm | iex), which is high-risk because it executes remote code from a non-obviously-official domain without inspection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a quantitative trading framework generator (akquant) and lists concrete order-execution APIs and patterns: buy, sell, market/limit orders, order_target_percent, OCO/Bracket/Trailing Stop, target position orders, position queries (get_position), subscription to symbols, and order management. These are specific financial execution capabilities (market orders / managing positions). Therefore it grants direct financial execution authority rather than being a generic tool.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 26, 2026, 08:28 AM
Issues: 2