loopscale
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
SUSPICIOUS. The core DeFi functionality matches the stated purpose, but the delivery model is not proportionate: it chains a raw GitHub installer, installs extra skills, downloads an unverifiable binary from a different publisher path, and phones home to third-party telemetry endpoints. Because an unverifiable executable is installed and then used for wallet-linked financial actions, this skill has high security risk even without proof of outright malware.
SUSPICIOUS. The DeFi purpose matches the lending/borrowing commands, but the overall footprint is broader than necessary: it auto-installs other skills, downloads an external binary from a non-registry release, and sends install telemetry with a derived device ID to third-party endpoints. Combined with autonomous financial actions, this makes the skill high risk even without clear proof of malware.