01-exchange-skill(not official)

This skill appears to be documentation and examples for building monitoring and trading tools against 01.xyz/N1 and is largely coherent with that purpose, but take these precautions before using it: - Provenance: the source and homepage are missing. Prefer official upstream sources (official docs.n1.xyz, npm org pages) or a known repository before installing anything. Ask the publisher for a link or commit history. - Verify packages: the docs recommend npm packages (@n1xyz/nord-ts, @n1xyz/local-api). Inspect those packages on the npm website (publisher, versions, weekly downloads, repository link) and prefer packages with source repos and checksums. - Environment mismatch: the skill metadata lists no env requirements, but the docs reference several env vars (NORD_WEBSERVER, LOCAL_API_URL, SOLANA_RPC, etc.). Don’t copy sensitive secrets into env variables unless you understand where they are used; never expose private keys or seed phrases to the agent or remote endpoints. - Local API safety: the workflow depends on a local signing API. Run it on a secure, isolated machine; prefer hardware wallets where supported; do not run a signing API on a public server or with keys that control large balances. - Testnet first: follow the docs’ advice—exhaustively test on devnet before mainnet with small funds and verify behavior. - If you need higher assurance: request the skill author to publish the repository/homepage, a release tarball, and checksums; ask for a short changelog and the npm package names used by the examples. If you can obtain an authoritative source (official repo or npm org) and confirm the referenced packages and env usage, the skill looks coherent and lower-risk. Without that provenance, treat it cautiously and avoid running installs or starting services suggested by the docs.