wasm-agent

SUSPICIOUS: the core purpose is plausible, but the skill overclaims safety. Its stated 'full sandbox isolation' conflicts with granting host `Bash` access, which can bypass the sandbox entirely. No direct malware or credential-harvesting behavior is shown in the skill text, but the external MCP server is trusted transitively and its concrete data flows are not disclosed.