shumi
Audited by Socket on Feb 28, 2026
1 alert found:
Security

This Shumi skill is a crypto analytics CLI description that, by itself, contains no overt malicious code or clear exfiltration instructions. The main security considerations are supply-chain and provenance: the document references running a 'shumi' CLI (including via npx) and a browser wallet login without specifying vendor, installation source, or permission scopes. Those omissions increase risk because a malicious or compromised CLI could harvest wallet credentials or request signatures. I assess this skill as low-to-moderate risk overall: functionality and requested capabilities are consistent with a crypto analysis tool, but lack of provenance and unclear authentication scopes warrant caution. Verify the CLI's origin (official registry, publisher, checksums), inspect what permissions the wallet login requests, and avoid granting signing abilities unless necessary.