goodwallet

SUSPICIOUS. The skill’s purpose matches its wallet capabilities, but it gives an AI agent high-impact financial powers and routes wallet auth/signing through remote operator-controlled services. npm installation is less concerning than curl/bash, yet unresolved publisher/source inconsistencies and credential-bearing CLI usage keep overall risk high even without confirmed malware.