raydium-plugin

SUSPICIOUS. The stated purpose matches the Raydium trading capability, and the documented Raydium endpoints are proportionate. However, the skill has a large install and trust footprint for a trading plugin: auto-updates from remote metadata, installs two additional skills, executes a downloaded installer script, downloads an external binary, and enables financial transactions. This looks more like a plugin bootstrapper plus wallet/trading stack than a narrowly scoped Raydium helper. I do not see clear credential theft or deceptive exfiltration, so this is not confirmed malware, but it is high-risk and should be treated cautiously.