RiskState — Risk Governor for Crypto Trading Agents

What to check before installing or enabling this skill: - Verify the API host and ownership: SKILL.md points at https://riskstate.netlify.app for the API while the homepage is https://riskstate.ai. Confirm that riskstate.netlify.app is an intentional API host for RiskState (e.g., check the official website, GitHub repo, and maintainers) before sending an API key. - Provide a limited-scope key: use an "external"/read-only key (rs_live_ type) if possible, and avoid giving any owner/admin keys to the skill. Do not hardcode keys into source; use environment variables as recommended. - Correct the metadata gap: the registry metadata claims no required env vars, but SKILL.md requires RISKSTATE_API_KEY. Ask the publisher or registry to update the metadata so the platform can surface the prompt for the API key and label required permissions correctly. - Test with minimal data and monitoring: try one-off calls and verify network traffic (outbound destination, IPs, TLS certificate) and response shape before enabling the skill for autonomous use. Monitor API usage and rotate keys if anything looks unexpected. - Treat wallet parameter as sensitive: only supply wallet addresses when you intend on DeFi monitoring; the wallet parameter is relevant but it can expose on-chain linkage for that key. If the publisher provides a clarified package (metadata listing RISKSTATE_API_KEY) and an expected API host matching their official domain or a documented, trusted endpoint (and you can confirm the GitHub/org), this would reduce the concern. Conversely, unexpected hosts or requests for broader credentials would increase risk.