pay-via-agent-wallet

SUSPICIOUS. The skill is purpose-aligned for paid API access, but it grants an agent the ability to autonomously spend USDC, move funds, and query third-party services based on untrusted external content. There is no strong sign of credential theft or covert exfiltration, yet the real-world financial authority and broad external-call surface make the skill high risk.