send

SUSPICIOUS: The skill’s purpose and capabilities are aligned, but it gives an AI agent the ability to perform real financial transactions and does so through an unpinned `npx`-fetched CLI. There is no clear evidence of credential theft or covert exfiltration, but the combination of runtime third-party code execution and autonomous fund transfer makes this a high security-risk skill.