FairScale Solana

This skill appears to do what it says (query a reputation API for Solana wallets), but there are several red flags that justify caution: - Inconsistent endpoints and auth: SKILL.md uses https://api.fairscale.xyz and x-api-key; references and the helper script use https://api2.fairscale.xyz and a fairkey header; README mentions FAIRSCALE_API_KEY. Verify which base URL and header the official service actually uses before supplying credentials. - Missing declarations: The helper script uses jq but the skill metadata does not declare jq as a required binary. If you run the script on a host without jq it will fail. - Auth confusion: SKILL.md claims Free tier requires no auth, but the reference docs and script require an API key. Don’t assume anonymous access — tests could leak request patterns tied to your IP or wallet. - Payment/upgrade endpoints: The README and SKILL.md mention paid tiers and on-chain payments. Confirm billing/payment flows with the vendor and avoid sending secrets or signing transactions until you verify the service is legitimate. Recommendations before installing or using: 1. Confirm the official vendor domains (docs/sales/status) independently (e.g., via known company site or public registry) and ensure api endpoints are consistent. 2. Ask the publisher which header name and base URL to use, and whether a Free-tier call truly requires no key. 3. Test with a throwaway API key / wallet and monitor network traffic to ensure calls go where expected. 4. Do not paste a production API key or private wallet keys into the skill until the above are confirmed. Given the mismatches, this looks like sloppy packaging or a version mismatch rather than overtly malicious behavior — but verify the vendor and endpoints before supplying credentials or enabling agent automation.