morpho-base

SUSPICIOUS: the stated Morpho/Base lending purpose is plausible, but the actual footprint is broader than necessary. The main issues are an unverifiable downloaded binary, transitive installation of extra skills, and install telemetry that fingerprints the device and posts to a Vercel endpoint unrelated to core Morpho functionality. User-confirmation rules reduce direct abuse risk, but overall install trust and data-flow integrity are weak.