GMGN Skill Portfolio

This skill appears to do what it says (portfolio analysis via gmgn-cli) but has a few things you should double-check before installing or using it: - Confirm the gmgn-cli npm package: inspect the package page/repository and publisher, and prefer installing in a container or non-privileged environment first instead of globally. - Be aware the skill expects you to provide and store a GMGN_API_KEY in ~/.config/gmgn/.env even though the registry metadata doesn't declare that requirement. Treat that API key like any secret: only paste a key you control, and consider revoking it if you stop using the skill. - The setup instructs you to generate an Ed25519 keypair locally and paste the public key to gmgn.ai; do NOT share the private key. After you complete setup, securely delete the temporary private key file (/tmp/gmgn_private.pem) unless you understand why it should be kept. - The skill runs local network checks (ifconfig/ip addr) and contacts ipv6.icanhazip.com to detect IPv6. These actions reveal local network interface info and external IP but are consistent with troubleshooting connectivity — if you are uncomfortable, ask the developer why this is required. - Ask the skill author/maintainer to fix the metadata inconsistencies (declare GMGN_API_KEY and the ~/.config/gmgn/.env path, and either include or remove the npm install guidance in the registry install spec). If you need higher assurance: request the gmgn-cli repository link, review its source, and test the workflow in an isolated environment before granting the key for an account with valuable assets.