blockrun
Audited by Socket on Feb 15, 2026
1 alert found:
Malware: SUSPICIOUS — The skill's described functionality (auto-creating/using a wallet to route paid calls to external LLM/image/realtime search providers) is coherent with its stated purpose, but the documentation lacks key security details: it does not name endpoints or gateway operators, does not describe how wallet private keys are protected, and implies prompts/requests are routed through a payment-mediation layer rather than direct provider APIs. Those omissions create notable risks: potential data exposure of user prompts, theft of wallet funds if keys or gateway are malicious/compromised, and lack of verifiability of where data and payments go. There is no direct evidence of malware in the text, but the opaque payment/proxy model and the storing of sensitive session data locally justify treating this skill as suspicious until more implementation detail and provenance (publisher identity, audited endpoints, client-side key handling/encryption) are provided.