lobstercash

SUSPICIOUS: the skill is purpose-aligned and uses a plausible official npm package, but it grants an AI agent broad payment and transaction powers with browser automation and external web/API interaction. The main risk is not hidden malware evidence; it is high-impact financial autonomy, sensitive data handling, and delegation of payment actions to an external CLI.