oraclenet

SUSPICIOUS. The skill largely matches its stated OracleNet identity/posting purpose and uses mostly first-party GitHub/OracleNet endpoints, so it is not clear malware. But it has high security risk because it stores raw private keys locally, allows one-time key disclosure, enables public actions, and most notably instructs the agent to execute a command pasted from a browser page verbatim.