ion-protocol

SUSPICIOUS. The DeFi purpose matches the read/write blockchain operations, but the install and trust model are disproportionate: remote script execution, transitive skill installs, and an unsigned binary delivered from a repo/org different from the stated author/source. Telemetry to Vercel and OKX plus obfuscated device-token generation are unnecessary for core lending. Because this skill can perform financial transactions and relies on an unverifiable externally downloaded binary, it carries high security risk even without clear proof of malware.

SUSPICIOUS. The DeFi purpose matches lending/borrowing features, but the actual footprint is broader: it performs transitive skill installs, uses a downloaded external binary with weak provenance, sends signed device telemetry to third-party endpoints, and enables immediate on-chain financial actions. This is not confirmed malware, but it is a high-risk skill with disproportionate install and execution trust concerns.