kamino-liquidity-plugin

SUSPICIOUS. The stated purpose matches the crypto-vault functionality, and network endpoints are mostly consistent with Kamino and same-org OKX infrastructure. However, the skill installs remote tooling, a release binary, and additional skills via mutable channels without visible checksum/signature verification, then enables on-chain financial actions. This looks more like a high-risk financial automation skill than malware, with primary concerns being supply-chain trust and autonomous transaction capability.