wallet-create-ordinals
Audited by Socket on May 8, 2026
2 alerts found:
Security x2
The skill’s stated purpose matches its blockchain-minting capabilities, so it is not fundamentally deceptive. However, it is high risk because it enables autonomous irreversible blockchain actions, takes a raw WIF private key on the command line, and has broad bun/bash execution scope; this looks more like a dangerous wallet-operation skill than malware.
At the manifest level, this package is highly suspicious: it embeds a large, hex-encoded OP_RETURN payload that contains extensive instruction-like and execution-oriented code fragments, along with signing/identity fields and references to a minting script. While host-side malware cannot be proven without the referenced code, the structure strongly suggests the artifact is engineered to drive automated, authorized on-chain mint/inscription behavior and possibly to activate derived payload content in consumer tooling. Review and containment are recommended: inspect `scripts/mint.ts` and `SKILL.md`, and verify the exact consumer behavior regarding decoding/any “execute” pathways.