clanker

SUSPICIOUS. The stated purpose matches crypto token operations, but the skill’s footprint is broader than necessary: it installs multiple external skills, downloads an executable from a different org than the stated source, forwards an API key to that binary, and sends device-linked telemetry to third-party endpoints. Because an unverifiable binary receives credentials and can trigger wallet-linked actions, this is high security risk even without proof of outright malware.