x402

SUSPICIOUS: the skill is largely coherent with its stated purpose and uses official install sources, so it does not look malicious. However, it enables autonomous financial actions and forwards signed payment data to a hosted facilitator, and one documentation claim about 'no API keys' overstates the CDP production path. Overall this is a legitimate but high-impact payment skill with meaningful operational risk.