TRC20 Token Toolkit

SUSPICIOUS. The skill’s capabilities match its stated TRC20 purpose and its dependency/install story is mostly coherent, but it gives an AI agent the ability to perform irreversible token transfers and approvals using a raw private key. That makes it high-impact even without clear malware indicators; risk comes from autonomous financial action and key handling, not from deceptive data flows.