light-token-client
Fail
Audited by Socket on Mar 7, 2026
1 alert found:
Obfuscated File (HIGH): SKILL.md
The skill presents a coherent developer-focused toolkit for Light Token client interactions with Solana, with legitimate credential requirements (API_KEY and a local keypair) and standard SDK usage. The primary security concerns stem from installation via a GitHub-based npx command (unverifiable provenance) and the handling of API keys/local keypairs in examples. Overall, the footprint is BENIGN with MEDIUM risk due to supply-chain and credential exposure considerations. Recommend using pinned, verifiable installations (official registries or checksums) and ensuring API keys/keypairs are never logged or transmitted outside secure environments.
Confidence: 98%
Audit Metadata