zyfai

SUSPICIOUS. The skill is coherent with its DeFi-yield purpose and uses official-looking npm and Zyfai endpoints, so it is not confirmed malware. However, it enables autonomous financial transactions, requires wallet signing capability plus an API key, and forwards those capabilities into a third-party SDK/backend, making the overall security risk high despite reasonable purpose alignment.