Philidor — DeFi Vault Intelligence
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Installing the skill may install and run an external Philidor command-line tool on the user's machine.
Why it was flagged
The runtime functionality is delegated to an external npm CLI package. This is clearly disclosed and central to the skill's purpose, but it means installation depends on trusting that package provenance.
Skill content
node | package: @philidorlabs/cli | creates binaries: philidor
Recommendation
Install only if you trust Philidor/@philidorlabs as a package source, and keep the CLI updated through normal package-management practices.