mmk-paymint-bulk-send

The skill’s stated function and visible arguments are consistent with bulk invoice sending, and there is no direct evidence of credential theft or unrelated capabilities in this fragment. However, the central `mmk` CLI could not be publicly verified as an official, auditable tool, so the skill carries high supply-chain risk and is best classified as suspicious rather than malicious.