walletconnect-agent

Warn

Audited by Socket on Apr 27, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill’s stated purpose matches its capabilities, but that purpose is itself high risk: it gives an AI agent autonomous control over a cryptocurrency wallet for irreversible blockchain actions. Install sources are mostly legitimate npm packages, yet the skill depends on a deprecated WalletConnect package and requires a raw private key for an unseen local script, creating substantial credential and financial risk even without clear evidence of malware or exfiltration.

Confidence: 90%
Severity: 91%
Audit Metadata
Analyzed At: Apr 27, 2026, 11:04 PM
Package URL: pkg:socket/skills-sh/dAAAb%2Fagent-skills%2Fwalletconnect-agent%2F@a6d1067b3ba9d9e313aec0a7fddec92c78ba0b24