Poke Perps

Type: OpenClaw Skill Name: pokeperps Version: 1.0.0 The skill is classified as suspicious due to the use of `npx @pokeperps/mcp` in `SKILL.md` and `llms.txt`. This command instructs the AI agent to download and execute a remote Node.js package, introducing a significant supply chain risk and allowing arbitrary code execution outside the direct control of the skill bundle. Additionally, the skill explicitly handles a sensitive Solana keypair (`POKEPERPS_KEYPAIR`) for trade execution, which, while necessary for its stated purpose, represents a high-risk capability. Despite these concerns, the documentation and code examples demonstrate good security practices like PDA verification and Ed25519 signature validation, and there is no clear evidence of intentional malicious behavior such as data exfiltration or unauthorized persistence within the provided files.