monskill

Warn

Audited by Socket on Mar 27, 2026

3 alerts found:

Anomaly, Security x2
Anomaly LOW
scaffold/SKILL.md

SUSPICIOUS: the core scaffolding guidance is mostly coherent and uses expected tools, but it instructs the agent to install/fetch other skills for wallet and Vercel deployment, and to run an unseen deploy.sh script. The main risk is transitive trust plus autonomous onchain/deployment actions, not clear malware or credential theft in this skill alone.

Confidence: 85%, Severity: 64%
Security MEDIUM
vercel-deploy/SKILL.md

SUSPICIOUS: the skill's goal is plausible, but its actual footprint is not aligned with a direct Vercel integration. It requires executing an unverifiable third-party script and uploads the user's project to an intermediary endpoint rather than Vercel's documented API, creating high supply-chain and source-code exposure risk.

Confidence: 92%, Severity: 86%
Security MEDIUM
wallet/SKILL.md

SUSPICIOUS: The skill’s capabilities largely match its stated wallet purpose, but it grants an AI agent high-risk financial action capability and instructs decryption of private keys with an empty keystore password. The Safe multisig requirement is a meaningful guardrail, yet the overall footprint is still high risk because sensitive wallet credentials are handled locally and real transactions can be initiated.

Confidence: 90%, Severity: 78%
Audit Metadata
Analyzed At: Mar 27, 2026, 02:49 PM
Package URL: pkg:socket/skills-sh/therealharpaljadeja%2Fmonskills%2Fmonskill%2F@21b9e567290de6139f1d19d443e1b66e735c677a