helixa

SUSPICIOUS. The skill is purpose-aligned and mostly uses expected endpoints/tools for an onchain identity service, so it does not look fundamentally deceptive. However, it enables wallet-based auth, contract transactions, and micropayments with real financial consequences, and it processes untrusted user-generated API content that could carry prompt injection. Overall this is a coherent but medium-high risk skill for AI agents, driven more by autonomy and credential handling than by overt malware signals.