Is joaoolucas/n0ir-defi-yield-scout safe?

https://github.com/openclaw/skills/tree/main/skills/joaoolucas/n0ir-defi-yield-scout

Overall score: 94 · SAFE

This is a legitimate DeFi yield farming comparison tool that fetches data from DeFiLlama APIs to help users find USDC investment opportunities on Base and Arbitrum networks. The skill contains no malicious code, prompt injections, or data exfiltration attempts.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

INFO External API Dependencies -5

The skill makes HTTP requests to DeFiLlama APIs for fetching yield farming data. While this is the intended functionality, it creates a dependency on external services.

INFO Local Data Caching -5

The tool caches API responses in temporary files with a 15-minute TTL. This is standard practice but creates temporary files on the system.