alchemy

SUSPICIOUS: The direct Alchemy API-key path is coherent and largely benign, with official endpoints and proportionate credentials. However, the skill also pushes optional x402/MPP payment modes that require external tooling and enable autonomous payment actions, creating medium risk and a broader trust boundary than a basic blockchain-data skill. No clear malware or credential theft behavior is evident, but the install and payment footprint is larger than necessary for many read-only use cases.