spark-savings

Warn

Audited by Socket on Apr 9, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The user-facing Spark Savings functionality is plausible, but the actual footprint is disproportionate: remote script execution, download of an external binary, transitive skill installation, and device-fingerprint telemetry to Vercel/OKX. Because the skill installs an external binary from GitHub Releases without clear source/release verification in the skill itself, security risk is high; the added telemetry and hidden key push it beyond benign.

Confidence: 88%
Severity: 84%
Audit Metadata
Analyzed At: Apr 9, 2026, 05:47 AM
Package URL: pkg:socket/skills-sh/MigOKG%2Fplugin-store%2Fspark-savings%2F@38a14a4940b549f5353f58d7d6eea4b62cc09d53