aave-v3-plugin

SUSPICIOUS. The DeFi purpose broadly matches the capability set, but the trust model is weak: it auto-updates, installs other skills, and relies on a downloaded binary from a different org than the stated author for high-impact crypto operations. Financial actions are gated by confirmation, so this is not confirmed malware, but the supply-chain and transitive-install footprint is disproportionate enough to treat as high risk.