monskill
Audited by Socket on May 8, 2026
4 alerts found:
Anomaly x2, Security x2
SUSPICIOUS: The top-level router is mostly coherent for a Monad skill bundle, but the verified mismatch between the documented Envio install command and the official Envio CLI documentation creates a real install-trust issue. The skill also expands trust to additional sub-skills and references external login and feedback flows whose exact endpoints are not fully verifiable from this file.
SUSPICIOUS: The skill's core function is coherent, but it instructs the agent to autonomously send externally stored feedback derived from user/agent context to skills.devnads.com. Privacy guidance reduces risk, yet the automatic reporting behavior and external data flow make this a medium-to-high security concern rather than benign.
SUSPICIOUS: the skill’s purpose matches wallet management, but its footprint is high risk because it enables autonomous blockchain actions and instructs decryption of the agent’s private key into shell-visible plaintext. External Foundry dependency appears official, yet the unverifiable local proposal wrapper and direct key exposure make this a high-security-risk wallet skill rather than benign low-risk automation.
SUSPICIOUS: the core scaffolding purpose is coherent for a web3 app, and most tooling is expected, but the skill expands trust by requiring additional skills and routes verification data through a third-party API. The footprint is broader than a simple scaffold guide and includes autonomous deployment-capable actions, so risk is medium-high rather than benign.