crypto-com-app

Purpose and requested credentials are broadly consistent with a Crypto.com trading skill, and the network destination appears same-org. The main risk is not covert exfiltration but the skill’s ability to let an agent perform cryptocurrency trades and revoke keys, including optional auto-execution without per-trade confirmation. Treat as high security risk due to autonomous financial actions and moderate supply-chain opacity from runtime `npx` execution and unseen local scripts, but not confirmed malware.