cli-cast

SUSPICIOUS. The skill’s capabilities mostly match its stated purpose, but it is high risk because it enables autonomous on-chain signing and transaction submission, handles raw private keys, defaults to a third-party RPC gateway, and includes transitive skill installation guidance. This looks like a coherent blockchain-operation skill, not confirmed malware, but its permission and consequence footprint is inherently dangerous.