counterparty-guard

SUSPICIOUS. The stated purpose is coherent with the data sources and browser/API lookups, and the skill does not show overt malware behavior or credential harvesting. However, it is not fully self-contained: it relies on an unprovided local script and a separate cross-source-verify skill with unverifiable provenance, and it processes untrusted external content in a tool-enabled workflow. Overall this looks like a plausible business due-diligence skill with medium security risk from transitive trust and content-ingestion exposure, not confirmed malicious intent.