pocketagent-wallet

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill README describes an autonomous Solana wallet capable of creating/decrypting local wallet files and signing/sending transactions automatically, and performing high-speed token swaps via third-party RPC and aggregator services. While functionality matches the stated purpose, the autonomous, no-human-approval design combined with reliance on external RPC/aggregator endpoints and lack of verifiable encryption/key-management details makes this skill a significant supply-chain and operational risk. There is no explicit evidence of embedded malware or credentials exfiltration in the provided text, but the potential for misuse (unauthorized fund transfers, credential exposure if implementation is flawed, or routing transactions through malicious intermediaries) is substantial. I rate this as SUSPICIOUS / high security risk — require code review of actual implementation, network endpoints, and encryption/KDF details before trust or use; enforce strong per-action confirmations, allow user-controlled endpoints, and audit default RPC/aggregator settings.

Confidence: 80%
Severity: 70%

Audit Metadata

Analyzed At: Feb 21, 2026, 01:53 PM
Package URL: pkg:socket/skills-sh/thejamesnick%2Fpaw-skills%2Fpocketagent-wallet%2F@845b1b12527067a660b8fbe2e0b2c48fd9da2e53