FluxA-agent-wallet

The skill bundle implements a comprehensive financial wallet for AI agents with high-privilege capabilities, including the management of USDC funds and identity credentials. It is classified as suspicious due to the 'SCHEDULED-CHECKIN.md' file, which instructs the agent to establish persistence via daily scheduled tasks that execute remote code using 'npx -y @fluxa-pay/fluxa-wallet@latest'. This pattern introduces significant supply-chain risk by bypassing version pinning and automatically fetching/executing remote payloads from 'fluxapay.xyz'. Additionally, the instructions use forceful prompt-steering ('MUST') and command the agent to suppress 'process narration' and 'tool chatter,' which reduces transparency and could be used to mask unauthorized financial transactions or state changes.