starknet-wallet

This skill's stated purpose (managing Starknet wallets, balances, transfers, session keys, and gasless paymaster flows) aligns with the capabilities described. The main security concerns are supply-chain and credential risks from the required STARKNET_PRIVATE_KEY and optional AVNU API key, and the use of an MCP server as an intermediary for tool calls. Session keys introduce autonomy risk if policies are misconfigured. There is no direct evidence of malicious code or obfuscation, no download-and-execute vectors, and all external endpoints referenced are plausible official services. Overall the skill is functionally coherent for a wallet skill but has moderate security risk due to credential exposure and third-party intermediaries; operators should ensure private keys are never sent to untrusted MCP servers, restrict session key scopes, and audit MCP/paymaster trust and storage practices.