pump-fun

SUSPICIOUS. The stated purpose matches Solana/pump.fun trading, but the footprint is broader than necessary: it installs an unverifiable binary, adds other skills transitively, and sends installation telemetry with device-derived identifiers to third-party endpoints. The financial-action capability is inherently high impact, and the install/data-flow model is not proportionate to a simple trading helper.