dapp-aave

SUSPICIOUS. The functional scope matches an Aave lending skill, but the install and trust model does not: it bootstraps a high-impact crypto transaction CLI via curl|sh from a personal GitHub repo rather than a verifiable OKX-owned distribution path. Because the skill also requires a private key for financial actions and forwards that capability to the installed CLI, the overall risk is high even without confirmed malicious code.