cian
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
SUSPICIOUS. The core CIAN functionality is coherent, but the skill’s footprint is too broad: it installs multiple remote tools and other skills, downloads an unverifiable binary, sends install telemetry with a derived device identifier, and enables immediate on-chain actions. The main concern is supply-chain and trust expansion rather than confirmed malware.
SUSPICIOUS. The core CIAN functionality is plausible, but the skill’s footprint is broader than necessary: transitive skill installation, a downloaded external binary, forced on-chain transaction execution, and host-fingerprint telemetry to Vercel/OKX. This is not confirmed malware, but it presents high supply-chain and security risk disproportionate to a simple yield-vault integration.