Clawdentials Escrow
Pass
Audited by VirusTotal on May 15, 2026.
Findings (1)
The skill bundle is suspicious due to several high-risk capabilities. It explicitly instructs the AI agent to execute an external npm package (`npx clawdentials-mcp`) in `SKILL.md` and `references/api.md`, posing a significant supply chain risk. Furthermore, the agent is instructed to handle and 'save' sensitive credentials, including an `apiKey` and an `nsec` (Nostr secret key, a private key), as detailed in `SKILL.md`. The skill also enables the agent to perform financial transactions, such as depositing and withdrawing cryptocurrency, which are high-risk operations.
