Is adwilkinson/hl-privateer-fund safe?

The skill instructs the agent to follow a multi-step x402 payment flow: receive a 402 challenge, sign a USDC payment on Base network, and retry with the signed payment header. This means an agent following these instructions will spend real cryptocurrency on behalf of the user for each paid API call. While costs are small ($0.01-$0.03), there are no built-in spending limits or confirmation gates in the skill's instructions.

The skill provides detailed copy-trading instructions including polling for positions and signals. An agent configured for copy-trading could mirror leveraged perpetual futures positions, exposing the user to significant financial risk beyond the small per-call API costs.

The skill references 5+ external domains that the agent is expected to make network requests to. While these are all related to the skill's stated purpose, they expand the agent's network surface area.

The x402.md payment guide includes TypeScript examples using privateKeyToAccount('0x'), which could encourage agents to request or handle private keys in plaintext, creating a credential exposure risk.

The skill uses direct persona framing ('You are an agent') to establish the agent's role, though this is mild and contextually appropriate for a skill definition.

The x402 payment flow requires sending signed payment data (including wallet address) to the facilitator at facilitator.payai.network and the API server. This is the core functionality, not exfiltration, but exposes wallet identity to third parties.

The skill contains curl commands, TypeScript, and Python code examples that an agent might execute. These are documentation examples, not standalone executable files, but an agent with shell access could run them.

Network monitoring during clone shows only expected connections: GitHub for git clone, Ubuntu mirrors for system services, local DNS. No connections to the skill's API domains were observed during installation.