aerodrome-amm

SUSPICIOUS. The DEX functionality broadly matches the stated purpose, but the skill relies on an unverifiable downloaded binary, installs additional skills transitively, performs hidden install telemetry with a device fingerprint, and enables high-impact financial actions. The main concern is supply-chain trust and unnecessary outbound reporting rather than confirmed credential theft.