mmk-paymint-send

SUSPICIOUS. The stated purpose and command usage are coherent for invoicing, but the skill’s trust model is weak: it relies on an unverifiable external `mmk` CLI, likely uses shared credentials through that CLI, and performs a real-world financial action. No direct evidence of malware or overt exfiltration appears in this skill text, but the dependency and credential-forwarding risk are disproportionate enough to classify it as suspicious/high risk.