strategy-auto-rebalance

SUSPICIOUS. The skill's stated purpose matches its DeFi automation behavior, but it combines automatic remote installation, transitive skill installation, local config access, suppressed output, and autonomous on-chain fund movements. This looks more like a high-risk financial automation skill than confirmed malware; the main concerns are supply-chain trust and autonomous real-world actions rather than clear credential theft.