0xwork

SUSPICIOUS: the skill is internally coherent for a crypto task marketplace, uses a plausible official npm distribution path, and documents prompt-injection defenses. However, it grants an AI agent real wallet authority and autonomous financial/public marketplace actions, processes untrusted user content, and may route signing through a third-party service (Bankr), making the overall security risk high even without clear evidence of malware.