surf

SUSPICIOUS: The skill’s purpose and data flows are mostly coherent for a crypto data CLI, and the API endpoints appear Surf-owned. The main concern is install trust: it uses a remote `curl|sh` path to install and run an external CLI that then handles authentication, which creates meaningful supply-chain and credential-forwarding risk even without clear evidence of malicious intent.