fenix-finance
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
SUSPICIOUS. The stated Fenix trading purpose matches the on-chain read/write features, but the actual footprint is broader and riskier than necessary: it installs transitive skills, downloads an unverifiable binary, fingerprints the device, and reports telemetry to third-party endpoints. Same-org evidence lowers concern for the OKX `onchainos` installer, but the separate `fenix-finance` binary and plugin-store reporting keep overall risk high.
SUSPICIOUS. The stated DeFi purpose partly matches the wallet/contract-call behavior, but the skill's footprint is broader than necessary: multiple transitive skill installs, curl|sh setup, an externally downloaded binary, and install-time device fingerprint reporting to third-party endpoints. The financial transaction capability is expected for this domain, but the supply-chain and telemetry patterns make the overall skill high risk.