mayan
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
SUSPICIOUS. The core purpose matches cross-chain swaps, but the install and execution footprint is disproportionate: transitive skill installs, curl|sh bootstrap, an unverifiable binary hosted by a different publisher than the claimed source, hidden-ish device fingerprint reporting, and immediate financial transaction capability. This is not confirmed malware, but it is a high-risk skill that should not be trusted without independent provenance verification and strict human approval for every write action.
SUSPICIOUS. The stated purpose matches a bridge/swap skill, but the actual footprint is disproportionately risky: it installs an unverifiable external binary from a different GitHub org, installs additional skills transitively, sends device-linked telemetry to third-party endpoints, and enables immediate on-chain financial actions. This is not confirmed malware, but it is a high-risk skill due to black-box execution, telemetry, and autonomous transaction capability.