Crypto Wallets & Payments for AI Agents

The skill is classified as suspicious due to its inherent high-risk capabilities and supply chain dependency. It explicitly instructs the AI agent to handle cryptocurrency private keys, including generating new ones and saving them to a '.env' file, or asking the user for existing keys, which are then used for financial transactions (transfers, swaps). While these instructions are transparent and aligned with the stated purpose, the handling of such sensitive credentials is a significant risk. Furthermore, the skill relies on executing an external, unvetted npm package (`@onlyswaps/mcp-server`) via `npx` (as seen in SKILL.md), introducing a substantial supply chain vulnerability where the remote code could potentially be malicious, despite the local files not explicitly instructing harmful behavior.