morpho

SUSPICIOUS. The DeFi purpose matches the on-chain capabilities, but the overall footprint is broader than necessary: remote installer execution, an externally hosted binary with weaker provenance, transitive skill installation, and install telemetry using a device-derived identifier. The skill is not confirmed malware, but it carries high supply-chain and privacy risk for an agent skill that can trigger financial transactions.