bounty-hunter

SUSPICIOUS: the install sources cited are largely official and there is no clear credential harvesting or exfiltration, but the skill’s core purpose is to give an AI agent offensive security capability against external smart-contract targets. That is a high-risk capability for an agent even when framed as bug bounty research. Supply-chain risk is moderate due to third-party toolchain installs and solc binary retrieval, but not strongly malicious.