lst

SUSPICIOUS. The skill is purpose-aligned for Endur liquid staking, but it gives an AI agent direct authority to perform on-chain financial transactions and relies on an unpinned external CLI from a personal npm publisher. No clear credential theft or deceptive data routing is visible, so this looks more like a high-risk transaction skill than confirmed malware.