web3-safe-guide

Fail

Audited by Socket on Mar 8, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The Web3 Safe Guide skill presents a coherent purpose and a mostly proportionate footprint: it wraps the onchainos CLI to provide safety-oriented research and guided swaps for beginners, with explicit safety gates and user-driven wallet interactions. The primary security concern is the installer pattern (curl | sh), which downloads a remote script and pipes it to the shell; this introduces supply-chain risk if the script or host is compromised. Aside from that, data flows align with the stated functions, and credential exposure appears limited to user wallet interactions rather than secret storage. Given the combination of practical alignment and one notable supply-chain risk, the overall assessment is suspicious rather than benign, due to the unverifiable installer pattern and potential for dependency tampering. Mitigation would include pinning installer integrity (checksums or signed releases), using official registries where possible, and providing optional offline installation alternatives.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 8, 2026, 12:04 PM
Package URL: pkg:socket/skills-sh/wy51ai%2Fweb3-starter-kit%2Fweb3-safe-guide%2F@7d0eb29adec1400d2010209fed05e3126ee4395e