allium-x402

SUSPICIOUS. The skill’s blockchain-data purpose broadly matches its capabilities, but trust is weakened by a remote curl|sh installer, explicit HTTP install text, runtime fetching of additional skills, and credential/payment handling through an external CLI. This looks more like a risky same-org distribution pattern than confirmed malware, but the install and transitive-instruction model are not proportionate to a low-risk data-query skill.