n0ir DeFi Yield Scout

Pass

Audited by ClawScan on May 1, 2026.

Overview

The artifacts show a coherent DeFi yield comparison skill that runs a local Python script against DeFiLlama, with no evidence of credential use, wallet access, on-chain transactions, or hidden data exfiltration.

This looks reasonable for an informational DeFi yield scanner. Before installing, be comfortable with a local Python script making HTTPS requests to DeFiLlama and caching public pool data briefly, and verify any APY, protocol risk, and migration recommendation independently before moving funds.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local Python command and make live data requests before answering yield questions.

Why it was flagged

The skill grants Bash use so the agent can execute the bundled Python CLI. This is central to the stated purpose and the shown commands are read-only analysis commands, not fund-moving or destructive operations.

Skill content

allowed-tools: Read, Bash ... The CLI tool is at `scripts/yield_scout.py` ... Run it with `python3`.

Recommendation

Install only if you are comfortable with the agent running this local script; review the results before making any financial decision.

What this means

Users have less publisher/source context when deciding whether to trust the tool's DeFi analysis.

Why it was flagged

The registry metadata does not provide a source repository or homepage, so the package provenance and claimed affiliation are not independently established by the metadata.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the publisher and project identity separately if brand affiliation or financial reliability matters to you.

What this means

Results may come from a short-lived local cache rather than a fresh API request on every invocation.

Why it was flagged

The tool persists fetched pool data briefly in a shared temporary-file location and reuses it during the TTL. The cached data appears to be public yield data, not sensitive user data.

Skill content

CACHE_PATH = os.path.join(tempfile.gettempdir(), "yield_scout_pools.json")
CACHE_TTL = 900  # 15 minutes

Recommendation

If freshness is important, rerun after the cache expires or inspect/clear the temp cache before relying on the numbers.