Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Axiom

v0.0.2

Use Axiom Wallet via MCP to manage payment methods, review account activity, and complete user-requested purchases with single-use payment details.

by Axiom @axiom-wallet · duplicate of @bswaidner/axiom-wallet
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Axiom Wallet via MCP) matches the runtime instructions: calls to whoami, get_payment_method, get_payment_details, create_receipt and the use of mcporter make sense for a wallet/payment integration. The skill is instruction-only (no code) which is reasonable for an API/CLI integration. Note: registry metadata in the provided bundle shows a corrupt/odd 'Required binaries' entry ([object Object]) while SKILL.md metadata correctly lists mcporter >=0.8.0 — this mismatch should be resolved.
Instruction Scope
The SKILL.md instructs the agent to open a headless OAuth page via mcporter and read a DOM element (data-device-auth-url) to extract an activation URL — this requires DOM parsing of an external page and careful handling of tokens/cookies. The skill also instructs the agent to visit merchant/product pages to compute final totals and capture product image URLs (og:image) for receipts. Those actions are within the payment workflow but broaden the agent's scope: browsing arbitrary merchant pages and extracting data may expose visited URLs and page content. Additionally, the get_payment_details payload includes an 'aiReasoning' field; although the doc warns not to include chain-of-thought or secrets, this field could encourage the agent to transmit internal reasoning unless strictly controlled.
Install Mechanism
No install spec — instruction-only. That is low-risk from an installation perspective: nothing is downloaded or written by the skill itself. It does require the mcporter binary to be present on the system (declared in SKILL.md metadata).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. It does rely on the mcporter CLI and an OAuth session initiated at runtime rather than static credentials. Confirming the mcporter requirement is present and that no other hidden env access is performed by your agent runtime is recommended. The earlier registry metadata corruption ([object Object]) is suspicious and should be clarified (it may hide additional required binaries or env entries).
Persistence & Privilege
always:false and no install steps that persist configuration are present — good. However, the skill enables the agent to obtain single-use payment cards that charge the user's card on file. Since model invocation is allowed (default autonomous invocation), there is a real risk an autonomous agent could trigger charges if prompts or guardrails are insufficient. This is not a platform misconfiguration by itself but is a high-impact capability worth additional controls (explicit confirmations, audit logging, or disallowing autonomous invocation).
Scan Findings in Context
[no_findings] expected: The regex-based scanner found nothing. This is expected because the skill is instruction-only (SKILL.md + reference doc) and includes no code files for static analysis. Lack of findings is not evidence of safety.
What to consider before installing
Before installing:
(1) Verify the mcporter binary (>=0.8.0) and confirm the MCP endpoint domain (https://mcp.useaxiom.ai) is legitimate for your org.
(2) Ask the skill author to fix the registry metadata corruption ([object Object]) so required binaries/envs are explicit.
(3) Restrict autonomous invocation or require explicit user confirmation before any get_payment_details call (charging the user's card).
(4) Ensure the agent is instructed not to include chain-of-thought or secrets in 'aiReasoning' — prefer a short, factual human-readable reason.
(5) If you need higher assurance, request a provenance review (who published the skill) or run it in a limited/test account before granting it access to real payment flows.

Runtime requirements

Bins: [object Object]
