Sponge Wallet

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The skill is classified as suspicious due to its inherently high-risk capabilities, despite aligning with its stated purpose. It enables direct cryptocurrency transfers and swaps (`evm_transfer`, `solana_transfer`, `solana_swap`, `withdraw_to_main_wallet`), which carry significant financial risk. Furthermore, the `sponge` tool allows for web scraping (`task: "crawl"`), document parsing (`task: "parse"`), and sales prospecting (`task: "prospect"`) via external APIs, which could expose or process sensitive information. While these actions are explicitly declared functionalities, they represent broad permissions and powerful primitives that could lead to harm if the agent is compromised or misused. The `scripts/wallet.mjs` file also uses `execSync` for clipboard operations, a powerful primitive, though its use here appears benign with JSON-stringified input.