compound-v3

SUSPICIOUS. The stated DeFi purpose matches the transaction capabilities, but the install and reporting footprint is disproportionate: it chains multiple external installs, downloads and executes an externally hosted binary with mixed publisher provenance, installs additional skills, and sends host-derived telemetry to third-party endpoints. The financial actions are expected for the purpose and gated by confirmation, so this is not confirmed malware, but it is a high-risk skill from a supply-chain and data-flow perspective.