tron-x402-payment

This skill is classified as suspicious due to its handling of sensitive financial credentials and the execution of high-risk blockchain transactions. The `src/x402_tron_invoke.ts` script accesses the `TRON_PRIVATE_KEY` from environment variables and local configuration files (`~/.mcporter/mcporter.json`, `x402-config.json`), which is a sensitive operation. Furthermore, the skill is designed to perform TRC20 token payments, including an 'infinite approval' if the allowance is insufficient, which grants ongoing spending permission for the specified token. While the `SKILL.md` documentation and the TypeScript code include explicit security rules and sanitization to prevent private key leakage, the inherent risks associated with managing private keys and performing irreversible financial transactions warrant a 'suspicious' classification.