marginfi

Warn

Audited by Socket on Feb 24, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] [Documentation context] Backtick command substitution detected

This document is a usage guide for the official Marginfi SDK and appears consistent: capabilities (wallet usage, deposit/borrow/flash loan operations) match the stated purpose. There are no signs of supply-chain tricks (no download-and-execute, no unknown distribution endpoints). The primary security considerations are standard for any blockchain SDK: the code requires private key material to sign transactions (so users must protect key files and not supply keys to untrusted code), and any TransactionInstruction arrays passed in must be constructed or validated by the developer to avoid executing malicious on-chain actions. I find no malicious behavior in this fragment; risks are operational and hinge on key management and use of untrusted instructions.

LLM verification: [LLM Escalated] This file is legitimate SDK documentation with examples for interacting with the Marginfi Solana lending protocol. I found no direct indicators of malware or intentional obfuscation. The main security concerns are operational and supply-chain: (1) unpinned npm installs (increases risk of malicious or unintended dependency changes), and (2) examples that demonstrate loading and using raw secret keys without recommending safer key management or confirmation guards. Additionally, the documented fl

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 24, 2026, 05:23 PM
Package URL
pkg:socket/skills-sh/sendaifun%2Fskills%2Fmarginfi%2F@28b61b29975a8474fa6aec6c572f3df132dba131