crypto-com-app

SUSPICIOUS. The skill’s capabilities mostly match a legitimate crypto trading integration, and its API flow appears intended for Crypto.com endpoints, but it enables high-impact financial actions, forwards API secrets into unverifiable local scripts, relies on unpinned runtime package execution, and has a publisher-authenticity mismatch because Crypto.com publicly says marketplace skills are not published or verified by them. This is not confirmed malware, but it is a high-risk financial automation skill that should not be trusted without reviewing the script contents and provenance.