pay-for-service
Warn
Audited by Socket on May 7, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill is purpose-aligned, but its purpose is inherently high impact: it lets the agent trigger real USDC payments and send request data to arbitrary paid endpoints through a third-party CLI. The pinned npm source lowers supply-chain concern versus an unknown binary, but the autonomous payment capability and broad outbound scope make this a high security-risk skill rather than benign documentation.
Confidence: 83%, Severity: 78%
Audit Metadata