lido

SUSPICIOUS. The stated Lido staking purpose is plausible, but the actual footprint is broader than necessary: it installs a third-party plugin-store skill, fetches an unverifiable standalone binary, and phones home install telemetry with a derived device identifier. The onchainos dependency appears consistent with the advertised workflow, but the binary provenance and reporting behavior make the overall skill high risk.