moonpay-swap-tokens

SUSPICIOUS. The skill is purpose-aligned and uses a same-org CLI from npm, but it grants an AI agent high-impact autonomous trading/bridging powers and depends on external routing infrastructure. This is not confirmed malware, yet it is a high-risk financial-action skill that should require explicit user approval per transaction.