moonpay-missions

SUSPICIOUS: the skill is purpose-aligned with MoonPay CLI onboarding and uses an official same-org npm distribution path, so there is no strong malware or credential-harvesting signal. However, it enables autonomous financial actions and transitive skill installation, which makes the overall security risk medium-high even though the core capability matches the stated purpose.