APEX IA Pro

The skill bundle contains multiple trading scripts (e.g., apex-ia-aggressive.mjs, apex-ia-final-20x.mjs, apex-ia-robot.mjs) that include hardcoded Binance API credentials (API_KEY and API_SECRET). While the code defaults to the Binance Testnet, shipping hardcoded secrets is a significant security risk. Furthermore, realtime-scanner.js includes logic to automatically execute shell commands ('npm install ws'), which is a risky behavior in an agentic environment. The bundle also features a 'license' and donation system (license-check.js and SKILL-pro.md) that directs users to send cryptocurrency to specific external wallets (USDT: 0xe011b57a2d3082849d04c685925827cfc9d93edf). While no explicit data exfiltration logic was found, the presence of hardcoded keys and automated installer patterns makes this bundle high-risk.