mmk-paymint-cancel

SUSPICIOUS. The skill’s visible command matches its stated refund purpose, but the entire action depends on an unverifiable `mmk` CLI with opaque auth and network behavior. Because the binary provenance and backend data flows cannot be established, and the action can trigger financial refunds, the skill carries high security risk despite limited direct evidence of malware.