nipper

SUSPICIOUS/HIGH-RISK skill. Its stated marketplace purpose is plausible, but the footprint is broader than simple API documentation: it installs a transitive skill, pulls an unverified remote SDK tarball, and enables autonomous financial actions with wallet keys and payment signatures. The main concern is supply-chain and financial-action risk rather than confirmed malware.