allium-onchain-data

SUSPICIOUS. The core API usage and official Allium data flows fit the stated blockchain analytics purpose, so this is not fundamentally malicious. However, the skill materially expands scope by reading/writing raw credentials from ~/.allium/credentials, using an undocumented-looking register-v2 polling flow, and autonomously saving API keys after background polling without a second confirmation. These are moderate credential-handling and trust concerns, but there is no evidence of third-party credential routing or clear exfiltration.