createos-deploy

The fragment is not overtly malicious in isolation: it does not contain hidden backdoors, obfuscated execution, or explicit data theft. However, it is security-relevant because it (a) handles a private key for remote authentication, (b) performs a financial ERC-20 transfer using parameters returned by an untrusted gateway quote, and (c) uploads base64-encoded executable application artifacts for remote deployment (a high-impact capability if the payload or gateway responses are compromised). Treat the gateway and quote/status responses as untrusted inputs: validate payment fields, constrain acceptable recipients/tokens, and ensure payload integrity and trusted content provenance before deployment.

SUSPICIOUS: the skill is broadly consistent with a deployment/payment purpose and uses an official registry dependency, so it does not look like confirmed malware. Risk is still high because it gives the agent power to upload code, delete hosted projects, and initiate on-chain payments using wallet-signing material; these autonomous real-world actions require strong user confirmation controls.