trader-signal

SUSPICIOUS: the skill’s purpose matches its capabilities, but it relies on runtime installation/execution of an unpinned third-party trading CLI with native components and imperfect release hygiene. No clear credential theft or malicious exfiltration is shown, but the supply-chain footprint and financial decision support make it medium-high risk.