emblem-token-swap

SUSPICIOUS. The skill is largely coherent with its stated crypto-swapping purpose and uses a same-org npm package rather than an opaque remote installer, so it is not clearly malicious. However, it enables autonomous high-impact financial actions, forwards wallet/auth context through an external CLI, and routes some operations through third-party ChangeNOW, making it a medium-to-high security risk even with confirmation safeguards.