pangolin-strategy

SUSPICIOUS: the skill is internally consistent for an automated trading strategy and uses apparently official Senpi/OpenClaw infrastructure, so it is not confirmed malware. However, it carries high security risk because it installs mutable remote files, forwards credentials into external runtime tooling, and enables unattended leveraged trading with reduced user visibility.