compound-v3

Warn

Audited by Socket on Apr 12, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The core DeFi functionality is coherent, but the skill’s footprint is broader than necessary: remote installer execution, binary download without verification, transitive skill installation, and non-essential install telemetry to OKX plus a Vercel endpoint with a device-derived identifier. The protocol actions match the stated purpose, yet the bootstrap and reporting behavior materially increase security risk.

Confidence: 90%
Severity: 82%
Audit Metadata

Analyzed At: Apr 12, 2026, 01:19 PM
Package URL: pkg:socket/skills-sh/okx%2Fplugin-store%2Fcompound-v3%2F@f6c1d90d5b52f9057134f7d0a56bc5aef53dc2b9