helius-openapi-skill

The stated purpose is coherent and the intended API destination is the official Helius host, but the skill’s real trust boundary is the external `uxc` CLI and linked skill. Because this unverifiable third-party executable is required and receives the Helius API key, the skill should be classified as suspicious/high-risk rather than benign.