moonpay-auth

SUSPICIOUS. Most core functionality is coherent with MoonPay auth/setup and uses an official MoonPay npm package, so this is not confirmed malware. The main risk is the skill's explicit autonomous OTP-email retrieval via a third-party gog CLI, which enables unattended access to a financial crypto account and expands credential exposure beyond what a normal auth helper should require.