mmk-paymint-resend

SUSPICIOUS: the stated purpose is narrow and coherent, but the skill relies on an unverifiable local `mmk` executable and hides auth/data-flow details in unprovided shared skills. There is no direct evidence of malware or exfiltration in this file, yet installer trust and backend routing cannot be validated, so the overall risk remains high.