Molt Trader Skill

What to consider before installing: - Metadata mismatch: SKILL.md and the code require an API key (MOLT_TRADER_API_KEY) and optionally a base URL, but the skill's registry metadata does not declare any required environment variables or a primary credential. Treat the skill as requiring a secret and confirm the manifest is updated before trusting it. - Unknown origin: There is no homepage or repository link and the owner ID is not recognizable. Prefer packages with a verifiable source (GitHub repo, official domain) and a visible maintainer history. - Verify the API endpoint: The default baseUrl is https://api.moltrader.ai. Confirm that this is the official Molt Trader service and that you are comfortable sending your API key to that endpoint. If you run a local dev server, use that URL instead when testing. - Inspect dependencies and package contents: package.json includes @trpc/server which is uncommon for a client SDK. If you plan to install the npm package, review the published package contents on the registry (and optionally audit package-lock) to ensure nothing unexpected is published. - Least privilege: Only provide the API key needed for the simulator account you intend to use (create a limited/test account if possible). Do not reuse high-privilege credentials (e.g., production trading accounts) until you have validated the package and service. - Additional checks: Ask the publisher for a source repository or signed release, verify the package's npm publisher identity, and consider running the examples against a local dev server first. If you cannot verify the origin and the metadata remains inconsistent, treat the skill as untrusted.