pay-and-book

SUSPICIOUS: the skill’s purpose broadly matches its capabilities, but it still carries meaningful risk because it enables autonomous real-world booking/payment, uses mutable `npx` execution, and instructs transitive installation of Coinbase wallet skills through the Skills CLI. No clear evidence of credential theft or covert exfiltration is present from the provided content.