orca-plugin

SUSPICIOUS: The stated Orca swap purpose broadly matches the capabilities, but the skill relies on multiple remote install-and-execute steps, transitive skill installation, and an unverifiable released binary before enabling wallet-backed financial actions. The read-only Orca API usage is coherent, yet the execution path through onchainos and the self-updating/plugin-install behavior make the overall footprint higher risk than a narrowly scoped DEX helper should require.