x402-card

SUSPICIOUS: the skill’s purpose matches card/payment operations, but its footprint is high risk because it installs a financial CLI, creates and stores a private key locally, and enables the agent to trigger real crypto-funded card and withdrawal actions. The biggest concern is autonomy over monetary operations and the configurable service endpoint, not confirmed malware.