bsocial
Audited by Socket on Apr 12, 2026
2 alerts found:
Security | Malware
SUSPICIOUS. The core capability matches the stated BSocial purpose, but the skill is high risk because it empowers autonomous public blockchain/social actions and supports raw WIF handling via CLI arguments. The Railway-hosted API also adds trust/privacy concerns, though there is no clear evidence of malware or deliberate credential theft.
The bsocial package fragment contains a highly suspicious weaponized, encoded instruction workflow that (1) automates social/app interactions (both read/harvest and write/bot actions), (2) encrypts/packets harvested data, and (3) exfiltrates or transmits it via HTTP to a hardcoded external production-like endpoint. It also embeds kill/disable-style directives and orchestration semantics inconsistent with legitimate dependency behavior. Treat this package as a critical supply-chain compromise candidate and do not use without deep offline review of the referenced scripts and network behavior in a controlled environment.