ethskills
Audited by Socket on Mar 26, 2026
2 alerts found:
Security x2
BENIGN for stated purpose as a framework/orchestration guide, but HIGH operational risk if granted to an autonomous agent because it enables wallet-backed blockchain transactions, payments, and public deployment. No clear credential exfiltration or deceptive routing is shown; the main concern is real-world financial action and untrusted endpoint interaction.
SUSPICIOUS: the skill’s purpose matches its capabilities, but it materially increases agent risk by enabling security-audit tradecraft, fetching transitive remote skill content, processing untrusted repository text, and taking external actions via GitHub issue filing. No direct credential harvesting or clear exfiltration is shown, so this is high-risk vulnerable behavior rather than confirmed malware.