nft-manager

The manifest itself is not directly malicious, but it exposes significant operational risk because it includes state-changing transfer capabilities without describing enforced human confirmation or safe key management. Primary recommendations before trusting an implementation: require explicit interactive human approval for all transfers (deny by default), use an external wallet UI or hardware signing (never accept raw private keys), implement and document ERC721/ERC1155 receiver checks and use safeTransferFrom, validate/whitelist metadata hosts, and audit any third-party tooling/endpoints. Treat any implementation that auto-signs transactions, requests raw private keys, or forwards signing credentials to remote services as high-risk.