allium-x402

SUSPICIOUS: The skill’s purpose is coherent for blockchain data access, and the installer appears to be same-vendor and officially documented. However, the HTTP curl|sh installer, credential use through an external CLI, x402 payment capability, and especially runtime fetching of additional remote skill instructions create meaningful security risk disproportionate to a simple data-query skill.