yield-agentkit-privy

SUSPICIOUS: The skill is coherent with its stated purpose, but that purpose is inherently high risk: it installs a remote MCP, ingests external content, and can autonomously move funds through Privy-signed blockchain transactions. Data flows mostly match official Yield/Privy services rather than obvious exfiltration infrastructure, so this is not confirmed malware, but it is a high-risk financial automation skill.