MetaComp VisionX KYT

The skill's requested token, install step, and runtime instructions are consistent with a KYT/checking service that calls MetaComp's API — it will send wallet addresses and transaction hashes to MetaComp and requires an API token, which is proportionate to its stated purpose.

This skill appears to do what it claims: it will call MetaComp's KYT service and needs your METACOMP_TOKEN. Before installing: (1) confirm you trust metacomp.ai and the published npm package; review the package source (GitHub repo) and npm page; (2) treat METACOMP_TOKEN like any API key — use a least-privilege key and rotate/revoke if needed; (3) expect that wallet addresses and transaction hashes you provide will be sent to MetaComp for analysis (do not provide private keys or other secrets); (4) the skill will prompt you to confirm whether you are the sender or recipient and will pause until you answer — this prevents accidental analysis, but be cautious about sharing counterparty addresses you don’t control; (5) if you need stricter isolation, run the CLI in a sandboxed environment or review traffic to ensure it only talks to MetaComp endpoints.