Locus

The skill bundle is designed to enable AI agents to perform crypto payments, which inherently involves high-risk operations. It installs a global package (`mcporter`) via `npm i -g` in `SKILL.md` and `scripts/setup.sh`, requiring elevated privileges. It also handles sensitive API keys for a payment service (`https://app.paywithlocus.com`) and implies access to email for payment processing. While the `SKILL.md` includes strong safety rules for the agent (e.g., 'Never send payments without explicit user confirmation'), the combination of global package installation, sensitive credential handling, and direct financial transaction capabilities without clear malicious intent pushes it into the 'suspicious' category due to the broad permissions and inherent risk.