data-enrichment

SUSPICIOUS. The core purpose is coherent, but the actual footprint routes sensitive enrichment queries through a third-party gateway (`stableenrich.dev`) and a mutable external CLI (`npx agentcash@latest`) rather than official provider APIs. That combination is disproportionate for high-sensitivity personal data enrichment and creates meaningful supply-chain, privacy, and credential-forwarding risk, though it is not confirmed malware.