metengine-data-agent
Audited by Socket on Mar 3, 2026
1 alert found:
Security: This skill describes a plausible paid analytics agent that uses on-chain Solana (USDC) payment signing and fetches remote documentation from GitHub and a central agent endpoint. The behavior is coherent with a pay-per-request analytics service, but the security risk is moderate because sensitive operations (wallet signing, transaction submission) are centralized through agent.metengine.xyz and the guidance lacks specifics about secure wallet integration, integrity verification, and explicit limits on what is transmitted. Key risks to mitigate before trusting or deploying this skill: ensure wallet interactions use a secure wallet adapter (no private key export), require explicit per-transaction user consent, validate and pin agent endpoints or use signed manifests for remote docs, and limit filesystem/network permissions of the agent runtime to the minimum necessary. Because the code fragment contains only documentation/instructions (no executable code), there is no clear sign of embedded malware, but the payment/signing flows and centralized endpoint justify treating this as a moderate supply-chain risk.