authenticate-wallet

SUSPICIOUS: the skill is purpose-aligned for crypto wallet authentication, but it asks the agent to invoke a third-party CLI that handles OTP sessions and can import a private key. The main concerns are unpinned `npx @latest` execution and sensitive credential handling for a financial wallet, not a clear mismatch or confirmed exfiltration scheme.