Mt5 Trading Assistant Pro

The name/description claim an MT5 trading assistant and the SKILL.md requests only MT5 connection info (account number, access code, broker gateway), which is appropriate for MT5 automation. However, version.json lists features like "self_updating" and "trade_automation" while there is no install spec, no update mechanism, and no code to perform updates or verify authenticity. The promise that credentials are "saved locally only" is also unverifiable in this instruction-only skill. These mismatches (feature claims vs absent install/update code and unverifiable storage guarantees) are inconsistent with the declared package contents.

SKILL.md instructs collecting sensitive connection credentials and tells the agent to use the local MetaTrader5 Python library, and even suggests running `pip install MetaTrader5` if missing. It also offers an "Execute strategy" action and autonomous scanning/automation features but provides no explicit safe-confirmation steps before executing trades, no audit/logging or confirmation prompts, and no guidance on how/where credentials are stored. The document asserts that data is never transmitted externally, but an instruction-only skill cannot enforce or prove that; the behavior depends on the agent runtime (which may be remote). These gaps create scope creep risk: the instructions permit actions (installing packages, connecting to a terminal, executing trades) that have significant side effects yet lack safety controls or provenance.

There is no formal install spec and no code files to run; that's lower risk. However, SKILL.md instructs the agent/user to run `pip install MetaTrader5` if the Python library is absent — that instruction could cause the environment to download third-party packages at runtime. Because there's no declared source for self-updates or package pinning, that step introduces moderate risk (unverified third-party package fetch) even though the skill itself doesn't include an installer.

The skill does not request any environment variables or system config paths, which is appropriate. It does ask the user to provide account number, access (trading) code, and broker gateway — these are the minimal sensitive items needed to connect to MT5 and are proportionate to the described functionality. That said, the SKILL.md's promise that those credentials are saved locally and "never transmitted" is a behavioral claim that cannot be validated from the files provided. The presence of features like "self_updating" raises the possibility of network activity that could contradict the local-only claim.

The skill does not request always: true and is user-invocable only, which is appropriate. However, the skill advertises autonomous market scanning and trade automation, and the platform default allows the agent to invoke skills autonomously (disable-model-invocation: false). Combined with the ability to accept trading credentials and the lack of explicit confirmation/authorization rules in SKILL.md, this creates a meaningful operational risk: if the agent is allowed to act autonomously, it could place or modify live trades without additional safeguards. This is not proof of maliciousness, but users should treat it as a real capability requiring explicit controls.