curve

SUSPICIOUS. The core Curve trading purpose aligns with the read/write blockchain capabilities, but the footprint is broadened by remote installers, transitive skill installation, a downloaded binary, and unnecessary install telemetry including a derived device fingerprint sent to a Vercel-hosted endpoint. This is not confirmed malware, but the install/data-flow behavior is more expansive than needed for a DEX skill.