Crypto Analyst

What to check before installing or running: - Provenance: _meta.json (owner, slug, version) does not match the registry metadata shown — confirm the publisher/source before trusting code that handles API keys. - Secrets: The tools ask you to store OKX API_KEY/SECRET/PASSPHRASE in a .env file which the scripts will load. Only provide keys with the minimum permissions needed (read-only where possible) and avoid putting long-term trading keys into this directory unless you trust the source. - Missing files: SKILL.md suggests a .env.example but none is in the manifest; create .env carefully and verify names match the scripts (OKX_API_KEY, OKX_API_SECRET, OKX_API_PASSPHRASE). - External endpoints: The analyzer fetches news from a third-party NS3 endpoint (api.ns3.ai) and alternative.me for Fear & Greed; confirm you are comfortable with those telemetry/requests and that no other unknown remote endpoints exist in the omitted files. - Code review: A few scripts were truncated in the provided listing. If you will run these tools with real account credentials, review the remaining files (whale_tracker.py, technical_analysis.py or any omitted files) for any unexpected behavior (credential transmission to unknown servers, hidden POST/PUT calls, or file writes). If you lack the ability to audit, prefer using read-only API keys or running the scripts in an isolated environment. - Operational precaution: Run first with no credentials (or read-only keys) to verify behavior, and consider running inside a disposable container or VM. If you need higher assurance, ask the publisher for a signed release or review the full source history.