send-token

SUSPICIOUS: the skill’s capabilities align with its stated purpose, but it authorizes high-impact financial actions and relies on an unpinned external CLI fetched via `npx @latest`. This is not confirmed malware, but it carries elevated security risk from mutable supply chain trust and irreversible fund transfers.