nano

SUSPICIOUS: the skill is purpose-aligned for Nano wallet operations, but it grants an AI agent direct cryptocurrency transaction capability, includes proactive receive behavior, relies on remote package execution for CLI fallback, and extends trust to another skill. No clear credential theft or covert exfiltration is shown, but the financial-action and supply-chain risks are high enough to warrant caution.