owlp-cli

SUSPICIOUS: the skill is largely coherent with its stated purpose and uses plausible same-service endpoints plus npm-based installation, so it does not look like credential harvesting or disguised malware. However, it grants an AI agent high-impact cryptocurrency capabilities, uses highly sensitive local wallet/auth files, and can execute real financial transfers; this makes it a high-risk wallet automation skill even though the footprint is purpose-aligned.