sp3nd

SUSPICIOUS: The skill’s capabilities mostly match its shopping/payment purpose, and installs come from standard sources, but it grants an AI agent high-impact autonomous purchasing and crypto payment abilities while handling PII and API secrets. The main concern is not hidden malware behavior but the inherent risk and trust required for autonomous real-world spending through a third-party commerce backend.