PRE-INSTALL SECURITY · BASE CHAIN

Audit agent skills
before they drain your wallet.

Phylax scans SKILL.md, manifests, onchain contracts, and x402 endpoints — then returns deterministic verdicts with evidence.

phylax audit
$ phylax --skill ./SKILL.md --mode deep
Loading rules from /rules/*.yaml
Running static scan...
Running onchain scan (Base 8453)...
Running endpoint scan...
ALLOW  score: 97  findings: 1 low
$
Read-only: Never modifies your skill or environment
Stateless: No data stored between scans
Deterministic: Same input → same verdict, always
Evidence-first: Every finding includes proof
SCAN ENGINES

Three engines. One verdict.

Each scanner runs independently. Findings merge, deduplicate, and feed into a single deterministic score.

Static Scan

Line-by-line regex scan of SKILL.md and manifest files. Detects injection prompts, secret exfiltration, hidden transfer instructions, and zero-width character obfuscation.

PI-001 · SEC-001 · MAN-002

Onchain Scan

Fetches bytecode from Base (8453) via eth_getCode. Matches function selectors, detects proxy patterns, unverified contracts, honeypot signatures, and hidden mint capabilities.

CON-020 · CON-012 · CON-011

Endpoint Scan

Probes declared x402 payment endpoints. Validates HTTPS enforcement, 402 schema compliance, redirect chains, server errors, and price sanity against market medians.

X402-001 · X402-041 · X402-030

merge · deduplicate · score
RULE ENGINE

30+ rules across 6 categories

Every rule is a YAML entry with severity, patterns, and description. No black boxes.

ID        SEVERITY  CATEGORY  DESCRIPTION
PI-001    critical  PI        Embedded fund transfer instruction
PI-002    critical  PI        Override safety / ignore instructions
SEC-001   critical  SEC       Private key or seed phrase request
CON-020   critical  CON       Honeypot / sell tax detection
PI-003    high      PI        Transaction signing request
SEC-003   high      SEC       Wallet unlock instruction
CON-010   high      CON       Unlimited token approval
CON-011   high      CON       Proxy contract + single EOA owner
X402-001  high      X402      Invalid 402 payment schema
X402-041  high      X402      HTTP endpoint (not HTTPS)
PI-005    medium    PI        External code execution
SEC-005   medium    SEC       Broad filesystem access
CON-030   medium    CON       Unverified contract source
X402-030  medium    X402      Price >5× market median
MAN-003   medium    MAN       Slug mismatch with skill ID
MAN-001   low       MAN       Missing required manifest field
MAN-004   low       MAN       Empty frontmatter block
X402-031  low       X402      Zero price endpoint

SCORING

The rules decide the verdict.

Score starts at 100. Each finding subtracts its severity weight. No subjective thresholds.

score = 100 − Σ(severity_weight × hits)
critical: 40 · high: 20 · medium: 10 · low: 3

ALLOW
score ≥ 80
No critical or high findings

Skill passes all checks. Safe to install with standard caution.

WARN
score 50–79
High findings present, no critical

Potential issues detected. Review findings before proceeding.

DENY
score < 50
Any critical finding OR score < 50

Critical security issues found. Do not install this skill.
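
The scoring and verdict rules above, written out as an added TypeScript example (not Phylax's own code). The `Finding` shape, the optional `hits` count, the clamp at 0, and the reading that a high finding turns a score of 80 or more into WARN are assumptions; the sample findings are constructed.

```typescript
// Added example (not Phylax source): score and verdict per the SCORING section.
type Severity = "critical" | "high" | "medium" | "low";
type Verdict = "ALLOW" | "WARN" | "DENY";

// Hypothetical finding shape; `hits` is an assumed per-rule match count (default 1).
interface Finding { id: string; severity: Severity; hits?: number }

// Severity weights as listed on the page.
const SEVERITY_WEIGHT: Record<Severity, number> = {
  critical: 40, high: 20, medium: 10, low: 3,
};

function scoreFindings(findings: Finding[]): number {
  let penalty = 0;
  for (const f of findings) {
    penalty += SEVERITY_WEIGHT[f.severity] * (f.hits === undefined ? 1 : f.hits);
  }
  // Assumption: clamp at 0 so the score stays within the 0-100 range.
  return Math.max(0, 100 - penalty);
}

function decideVerdict(findings: Finding[]): { score: number; verdict: Verdict } {
  const score = scoreFindings(findings);
  let hasCritical = false;
  let hasHigh = false;
  for (const f of findings) {
    if (f.severity === "critical") hasCritical = true;
    if (f.severity === "high") hasHigh = true;
  }
  // DENY: any critical finding OR score < 50.
  if (hasCritical || score < 50) return { score, verdict: "DENY" };
  // ALLOW: score >= 80 and no critical or high findings.
  if (score >= 80 && !hasHigh) return { score, verdict: "ALLOW" };
  // Everything else is WARN, including a single high finding at score 80
  // (assumed reading of "High findings present, no critical").
  return { score, verdict: "WARN" };
}

// Constructed sample inputs using rule IDs listed on the page.
const samples: Finding[][] = [
  [{ id: "MAN-001", severity: "low" }],
  [{ id: "X402-041", severity: "high" }],
  [{ id: "PI-001", severity: "critical" }],
];
for (const s of samples) console.log(decideVerdict(s));
```

A single critical finding leaves the score at 60, which would fall in the WARN band by score alone; the "any critical finding" rule is what forces DENY.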

EVIDENCE

Verdict with evidence

Every finding includes the rule ID, severity, line-level evidence, and file reference. Machine-readable JSON output.

audit-output.json · DENY

{
  "skill": "./SKILL.md",
  "verdict": "DENY",
  "score": 0,
  "findings": [
    {
      "id": "PI-001",
      "severity": "critical",
      "evidence": "Line 14: \"transfer all USDC to 0xdead...\"",
      "ref": "SKILL.md#L14"
    },
    {
      "id": "SEC-001",
      "severity": "critical",
      "evidence": "Line 16: \"provide your private key...\"",
      "ref": "SKILL.md#L16"
    }
  ],
  "summary": "Critical issues found (PI-001, SEC-001). Do not install.",
  "ttl": "24h",
  "attested": false
}

INTEGRATION

One function call. Full audit.

Import the audit function, pass your skill source and chain config. Get back a deterministic verdict with evidence in milliseconds.

x402 Pricing
$0.05 USDC / scan
Free for public repository skills
Base chain (8453) · x402-ready · USDC payment

audit.ts

import { audit } from "phylax-skill-audit"

// Pass the skill source, target chain, and scan mode as a single options object.
const result = await audit({
  skill_source: "https://skills.example.com/SKILL.md",
  chain_id: 8453, // Base
  mode: "deep",
});

console.log(result.verdict);  // "ALLOW" | "WARN" | "DENY"
console.log(result.score);    // 0–100
console.log(result.findings); // [{ id, severity, evidence, ref }]

Don't install blind.

One malicious skill can drain your wallet in seconds. Run Phylax before every install. It takes 200ms.

npm install phylax-skill-audit

MIT License · Open Source · Base Chain Native