bios-deep-research

SUSPICIOUS: the skill is internally coherent and mostly uses official Coinbase/x402 tooling, so it does not look like credential-harvesting malware. However, it enables autonomous financial/blockchain actions and can consume wallet credentials or signing authority, which is a high-impact capability for an AI agent and warrants explicit per-action user approval.