balance

The stated purpose matches the capability, but the execution model is risky: it fetches and runs an unpinned npm package at runtime and depends on a separate wallet-auth skill. That makes this skill suspicious from a supply-chain and wallet-session trust perspective, though the provided content does not prove credential theft or overtly malicious behavior.