openstall

SUSPICIOUS: the skill is internally coherent as a paid agent-marketplace integration, but it grants high-risk capabilities that go beyond a normal developer utility: autonomous task handling, public webhook exposure, processing of untrusted external content, and real-money crypto withdrawal. No clear evidence of malware or credential theft is present from the skill text alone, but the overall security risk is high due to autonomy and financial-action scope.