@349/lighter-dex

SUSPICIOUS. The skill is purpose-aligned and uses vendor-documented install paths and API domains, so it does not look like credential harvesting or a deceptive supply-chain lure. However, it grants an AI agent direct leveraged trading capability, includes transitive skill loading guidance, and relies on local helper scripts not shown here; that makes it a high security-risk financial-action skill despite limited evidence of malware.