DeFi Yield Scout
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a read-only DeFi yield comparison tool, but it runs a bundled Python script and relies on cached third-party APY data that users should verify before moving funds.
This looks safe to use as an informational scanner, but treat its APY rankings and migration verdicts as research rather than financial advice. Confirm live data, protocol risk, gas, bridge costs, and pool IDs independently before moving any assets.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may execute the local yield scanner when asked for APY comparisons.
The skill gives the agent Bash authority to run a bundled Python CLI. This is expected for the purpose of fetching and formatting live yield data, and the artifacts do not show destructive commands or wallet/account mutation.
allowed-tools: Read, Bash, Glob ... The CLI tool is at `scripts/yield_scout.py` ... Run it with `python3`.
Use it for read-only research and do not authorize unrelated shell commands or wallet transactions based solely on its output.
Users have less external source information to independently verify the skill publisher or project history.
The skill has limited provenance metadata. The bundled code shown is purpose-aligned and uses no package install, so this is a provenance note rather than a security concern.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the bundled script and registry publisher before installing, especially because the tool may influence financial decisions.
Displayed APYs, risk scores, and GO/MAYBE/NO-GO migration guidance may be wrong if the external data or local cache is stale or inaccurate.
The tool relies on third-party DeFiLlama data and reuses a predictable temporary cache for 15 minutes. This is disclosed and purpose-aligned, but stale or inaccurate cached/provider data could influence rankings and breakeven guidance.
POOLS_URL = "https://yields.llama.fi/pools" ... CACHE_PATH = os.path.join(tempfile.gettempdir(), "yield_scout_pools.json") ... CACHE_TTL = 900
Verify current pool details and risks directly on-chain or with the protocol before moving funds.