prava-wallet

SUSPICIOUS: the skill is purpose-aligned and appears to use first-party Prava infrastructure, so it is not confirmed malware, but it grants an AI agent the ability to perform autonomous purchases and handle tokenized card credentials through an external CLI. The main concern is high real-world financial impact and credential forwarding, not deceptive behavior.