DeFi Yield Scout

Security checks across malware telemetry and agentic risk

Overview

This is a read-only DeFi yield comparison skill, but its migration labels should be treated as rough estimates rather than advice to move funds.

Install only as a research aid. Verify live APYs, pool IDs, smart-contract risk, bridge risk, withdrawal limits, slippage, tax impact, and actual gas or bridge costs before moving funds; do not treat GO/MAYBE/NO-GO output as financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The breakeven command prints verdicts like 'GO', 'MAYBE', and 'NO-GO' based on simplified APY and cost assumptions, but does not clearly warn users that these are heuristic estimates rather than execution-ready financial advice. In a DeFi-oriented skill, such labels can encourage users to act on incomplete analysis that omits slippage, smart-contract risk, bridge risk, withdrawal limits, tax effects, and rapidly changing yields.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal