helius-jupiter

SUSPICIOUS. The skill is mostly coherent and routes data to official Helius/Jupiter services, but it expands an AI agent into high-impact financial operations and asks the agent to install an additional MCP server via an unpinned `npx @latest` path. This looks like a legitimate DeFi builder skill with meaningful security and autonomy risk rather than confirmed malware.