Paddle

SUSPICIOUS: The skill's Paddle-focused capabilities mostly match its stated purpose and its data flows point to official Paddle endpoints, so it is not overtly malicious. Risk comes from community-published distribution outside Paddle ownership, known ClawHub integrity concerns, local secret storage in agent memory files, and transitive installation of other skills.