moonpay-commerce
Warn
Audited by Socket on Mar 21, 2026
1 alert found:
Security | MEDIUM | SKILL.md
SUSPICIOUS. The skill is purpose-aligned and the CLI provenance appears legitimate via MoonPay’s official npm package and docs, so this is not a clear supply-chain or credential-harvesting lure. However, it grants an AI agent autonomous real-world purchasing and on-chain payment capability, forwarding buyer PII through an external CLI and enabling irreversible financial actions; that makes the skill high risk even though the data flows appear consistent with its stated commerce purpose.
Confidence: 87%
Severity: 76%
Audit Metadata