web3-start-here

SUSPICIOUS: the skill is internally consistent as a web3 security-hunting knowledge base, but its actual purpose is to equip an AI agent with offensive security capabilities, including PoC development and MCP-based live scanning. No direct credential theft, exfiltration, or deceptive data flow is visible in this excerpt, so this is not confirmed malware; risk is driven by the offensive-security use case and the implied execution surface of later MCP tooling.