defillama

SUSPICIOUS. The skill's main purpose and official DefiLlama API usage are broadly coherent and there is no installer or malware-like payload, but the undocumented 'sc-proxy' guidance routes API-key-bearing traffic through an intermediary and is not verified as an official DefiLlama component. Combined with stale/inconsistent endpoint documentation, this creates medium security risk centered on credential/data-flow integrity rather than confirmed malicious behavior.