keeperhub-wallet

SUSPICIOUS: the skill’s wallet and payment capabilities match its stated purpose, but its trust footprint is significant. It executes npm package code that installs across agent directories, edits agent hook settings, stores a local signing secret, and routes signing through a KeeperHub server proxy while enabling autonomous payments. These behaviors are coherent for an agentic wallet, but the combination of broad install actions, third-party signing proxy, and real-money autonomy makes this a high-trust skill that should be treated cautiously rather than benign.