web3-solidity-audit-mcp

SUSPICIOUS: The skill’s capabilities largely match its stated smart-contract-audit purpose, but it is a high-risk AI-agent security tool by design. The main concerns are granting an agent exploit-style auditing capabilities, runtime download/execute installation paths, and optional remote SSE mode that can move sensitive contract code off-host. This looks more like a risky but plausibly legitimate security skill than confirmed malware.