sablier-create-vesting
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The stated purpose matches vesting coordination, but the skill explicitly supports agent-run onchain transactions, which are real-world actions with financial impact. The install references point to the same Sablier GitHub org for additional skills, which is coherent, but they rely on a third-party `npx skills` installer and create a transitive trust chain. There is no clear evidence of credential theft, exfiltration, or off-domain API proxying in the provided text, so this is not confirmed malicious; however, the autonomous transaction capability and skill-to-skill installation make it medium/high risk.
Confidence: 90%
Severity: 68%