Agent Credit

v1.0.0

Borrow from Aave via credit delegation. Agent self-funds by borrowing against delegator collateral. Supports borrow, repay, health checks. Works on Aave V2/V3.

⭐ 1· 1.4k·0 current·0 all-time

by@aaronjmars

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aaronjmars/agent-credit.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Agent Credit" (aaronjmars/agent-credit) from ClawHub.
Skill page: https://clawhub.ai/aaronjmars/agent-credit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-credit

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-credit

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description accurately describe what the code does: scripts implement borrow/repay/status for Aave credit delegation. However registry metadata claims no required binaries/env vars/config paths while the SKILL.md and scripts require Foundry's 'cast', jq, bc and a config.json with an agent private key and RPC URL. That mismatch (declared requirements = none vs. actual requirements = cast/jq/bc + config with key) is an incoherence worth noting but it does not indicate misdirection — it looks like incomplete metadata.

Instruction Scope

The SKILL.md explicitly instructs users to create a config file containing the agent's private key (~ ~/.openclaw/skills/aave-delegation/config.json) and to run the provided scripts. That is within the stated purpose but expands the attack surface: storing a signing key on disk and giving an autonomous agent scripts that can borrow funds is intrinsically dangerous. The README/safety.md discuss mitigations, but the instructions still allow continuous autonomous borrowing and rely on the user to set delegation ceilings and file permissions. The skill does not attempt to access unrelated system files, but it does require sensitive credentials to be present locally.

ℹ

Install Mechanism

There is no formal install spec in the registry (instruction-only), which lowers supply-chain risk. However SKILL.md recommends installing Foundry via 'curl -L https://foundry.paradigm.xyz | bash && foundryup' to get 'cast' — that is a remote install script. The scripts also rely on jq and bc but these requirements are not declared in registry metadata. Overall install risk is moderate: no arbitrary binary downloads from unknown servers in the repo, but the recommended Foundry bootstrap runs a remote installer and required binaries are undeclared.

Credentials

The skill requires an agent signing key (agentPrivateKey) and the delegator's address and RPC URL in config.json to operate. Requesting a private key is proportionate for a component that must sign on-chain transactions, but this is high privilege and the skill's registry entry lists no required credentials/env vars (incoherent). The scripts also accept environment variable overrides (AAVE_AGENT_PRIVATE_KEY, AAVE_RPC_URL, etc.) that aren't declared in the registry. The skill does not request unrelated third-party credentials, but storing a private key in plaintext on disk is a major risk vector if the host is compromised.

Persistence & Privilege

always: false (good). Autonomous invocation is allowed (platform default) and is necessary for the skill's purpose, but combined with the private key and ability to borrow funds, it substantially increases blast radius: a compromised agent or a prompt-injection attack could instruct the skill to borrow up to the delegated allowances. The repo includes safety guidance (per-tx caps, HF checks, revocation advice) and the borrow script enforces multiple checks, which mitigates some risk, but the overall privilege (signing transactions + autonomous borrow capability + integration guidance to combine with swapping/bridging tools) warrants caution.

What to consider before installing

This skill is functionally consistent with its description (it really does borrow/repay/check Aave delegation), but it carries significant operational risk. Before installing: - Do not delegate large amounts. Use 'approveDelegation' with conservative ceilings (start $50–$100) and avoid type(uint256).max. - Use a dedicated agent wallet with minimal native funds and minimal exposure; never put your main wallet's key into the skill. - Prefer storing the agent key in a secure secrets manager or ephemeral environment variable rather than plaintext config.json; if you must use config.json, set strict file permissions (chmod 600) and keep the file off version control. - Verify and audit the scripts yourself (they are plain bash) and test on a public testnet (Base Sepolia / Eth Sepolia) before using mainnet. - Be aware the registry metadata omits required binaries/env vars: you'll need 'cast' (Foundry), jq, and bc. The SKILL.md suggests installing Foundry via its installer script — review that installer before running it. - Limit agent autonomy where possible (require manual approval for borrows), monitor health factor and delegation allowances continuously, and revoke delegation when idle. If you want, I can: (a) list the exact lines where the scripts read private keys and env vars, (b) produce a minimal checklist to harden deployment, or (c) propose a safer architecture (e.g., use an HSM or remote signer) to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

aavevk973pzqw8qk5g3d4jh8ct226sh80nxgzagent-creditvk973pzqw8qk5g3d4jh8ct226sh80nxgzcreditvk973pzqw8qk5g3d4jh8ct226sh80nxgzlatestvk973pzqw8qk5g3d4jh8ct226sh80nxgz

1.4kdownloads

1stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

Aave Credit Delegation

Borrow funds from Aave using delegated credit. Your main wallet supplies collateral and delegates borrowing power to the agent's wallet. The agent can then autonomously borrow tokens when needed — the debt accrues against the delegator's position.

Protocol: Works on Aave V3 and Aave V2 — the function signatures for credit delegation (borrow, repay, approveDelegation, borrowAllowance) are identical across both versions. Just swap in the V2 LendingPool and ProtocolDataProvider addresses. The only cosmetic difference: V3 returns collateral/debt in USD (8 decimals), V2 in ETH (18 decimals). The health factor safety check works correctly on both.

Compatible With

OpenClaw — Install as a skill, the agent borrows autonomously
Claude Code — Run scripts directly from a Claude Code session
Any agent framework — Plain bash + Foundry's cast, works anywhere with a shell

Combines with Bankr skills for borrow-then-swap flows: borrow USDC via delegation, then use Bankr to swap, bridge, or deploy it.

How Credit Delegation Works

Credit delegation in Aave V3 separates two things: borrowing power and delegation approval.

Borrowing power is holistic. It comes from your entire collateral position across all assets. If you deposit $10k worth of ETH at 80% LTV, you have $8k of borrowing power — period. That borrowing power isn't locked to any specific asset.

Delegation approval is isolated per debt token. You control which assets the agent can borrow and how much of each by calling approveDelegation() on individual VariableDebtTokens. Each asset has its own debt token contract, and each approval is independent.

This means you can, for example:

Deposit ETH as collateral (gives you broad borrowing power)
Approve the agent to borrow up to 500 USDC (via the USDC VariableDebtToken)
Approve the agent to borrow up to 0.1 WETH (via the WETH VariableDebtToken)
Leave cbETH unapproved (agent cannot borrow it at all)

The agent can only borrow assets you've explicitly approved, up to the amounts you've set — but the capacity to borrow comes from your total collateral, not from any single deposit.

Your Collateral (holistic)              Delegation Approvals (isolated)
┌─────────────────────────┐             ┌──────────────────────────────┐
│  $5k ETH                │             │  USDC DebtToken → agent: 500 │
│  $3k USDC               │  ───LTV───▶ │  WETH DebtToken → agent: 0.1 │
│  $2k cbETH              │   = $8k     │  cbETH DebtToken → agent: 0  │
│  Total: $10k @ 80% LTV  │  capacity   └──────────────────────────────┘
└─────────────────────────┘

Flow

Delegator (your wallet)                 Agent Wallet (delegatee)
    │                                        │
    │  1. supply collateral to Aave          │
    │  2. approveDelegation(agent, amount)   │
    │        on the VariableDebtToken        │
    │                                        │
    │            ┌─── 3. borrow(asset,       │
    │            │       amount, onBehalfOf   │
    │            │       = delegator)         │
    │            │                            │
    │     [debt on YOUR position]    [tokens in agent wallet]
    │            │                            │
    │            └─── 4. repay(asset,         │
    │                    amount, onBehalfOf   │
    │                    = delegator)         │

Quick Start

Prerequisites

Foundry must be installed (cast CLI):

curl -L https://foundry.paradigm.xyz | bash && foundryup

Delegator setup (done ONCE by the user, NOT the agent):
- Supply collateral to Aave V3 (via app.aave.com or contract)
- Call approveDelegation(agentAddress, maxAmount) on the VariableDebtToken of the asset you want the agent to borrow
- The VariableDebtToken address can be found via: cast call $DATA_PROVIDER "getReserveTokensAddresses(address)(address,address,address)" $ASSET --rpc-url $RPC

Configure the skill:

mkdir -p ~/.openclaw/skills/aave-delegation
cat > ~/.openclaw/skills/aave-delegation/config.json << 'EOF'
{
  "chain": "base",
  "rpcUrl": "https://mainnet.base.org",
  "agentPrivateKey": "0xYOUR_AGENT_PRIVATE_KEY",
  "delegatorAddress": "0xYOUR_MAIN_WALLET",
  "poolAddress": "0xA238Dd80C259a72e81d7e4664a9801593F98d1c5",
  "dataProviderAddress": "0x2d8A3C5677189723C4cB8873CfC9C8976FDF38Ac",
  "assets": {
    "USDC": {
      "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
      "decimals": 6
    },
    "WETH": {
      "address": "0x4200000000000000000000000000000000000006",
      "decimals": 18
    }
  },
  "safety": {
    "minHealthFactor": "1.5",
    "maxBorrowPerTx": "1000",
    "maxBorrowPerTxUnit": "USDC"
  }
}
EOF

Verify setup:
```
scripts/aave-setup.sh
```

Core Usage

Check Status (allowance, health, debt)

# Full status report
scripts/aave-status.sh

# Check specific asset delegation
scripts/aave-status.sh USDC

# Just health factor
scripts/aave-status.sh --health-only

Borrow via Delegation

# Borrow 100 USDC
scripts/aave-borrow.sh USDC 100

# Borrow 0.5 WETH
scripts/aave-borrow.sh WETH 0.5

The borrow script automatically:

Checks delegation allowance (sufficient?)
Checks delegator health factor (safe to borrow?)
Executes the borrow
Reports the result

Repay Debt

# Repay 100 USDC
scripts/aave-repay.sh USDC 100

# Repay all USDC debt
scripts/aave-repay.sh USDC max

The repay script automatically:

Approves the Pool to spend the token (if needed)
Executes the repay
Reports remaining debt

Safety System

Every borrow operation runs these checks BEFORE executing:

Delegation allowance — Is the remaining allowance >= requested amount?
Health factor — Is the delegator's health factor > minHealthFactor (default 1.5) AFTER this borrow?
Per-tx cap — Is the amount <= maxBorrowPerTx?
Confirmation — Logs the full operation details before sending

If ANY check fails, the borrow is aborted with a clear error message.

⚠️ The agent must NEVER bypass safety checks. If the user asks the agent to borrow and the health factor is too low, the agent should refuse and explain why.

Capabilities

Read Operations (no gas needed)

Check delegation allowance — How much can the agent still borrow?
Check health factor — Is the delegator's position safe?
Check outstanding debt — How much does the delegator owe on each asset?
Check available liquidity — Is there enough in the Aave pool to borrow?
Resolve debt token addresses — Look up VariableDebtToken for any asset

Write Operations (needs gas in agent wallet)

Borrow — Draw funds from Aave against delegated credit
Repay — Return borrowed funds to reduce delegator's debt
Approve — Approve Pool to spend tokens for repayment

Supported Chains

Chain	Pool Address	Gas Cost
Base	`0xA238Dd80C259a72e81d7e4664a9801593F98d1c5`	Very Low
Ethereum	`0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2`	High
Polygon	`0x794a61358D6845594F94dc1DB02A252b5b4814aD`	Very Low
Arbitrum	`0x794a61358D6845594F94dc1DB02A252b5b4814aD`	Low

See deployments.md for full address list including debt tokens.

Common Patterns

Agent Self-Funding for Gas

# Check if we have enough gas
BALANCE=$(cast balance $AGENT_ADDRESS --rpc-url $RPC)
if [ "$BALANCE" -lt "1000000000000000" ]; then  # < 0.001 ETH
  # Borrow a small amount of WETH for gas
  aave-borrow.sh WETH 0.005
fi

Borrow + Swap via Bankr

# Borrow USDC from delegated credit
aave-borrow.sh USDC 100
# Swap to ETH using Bankr
bankr.sh "Swap 100 USDC for ETH on Base"

Periodic DCA

# Agent borrows USDC weekly and swaps to ETH
aave-borrow.sh USDC 100
bankr.sh "Swap 100 USDC for ETH on Base"

Safety-First Portfolio Rebalance

# Always check health first
aave-status.sh
# Only borrow if healthy
aave-borrow.sh USDC 500

Configuration Reference

config.json Fields

Field	Required	Description
`chain`	Yes	Chain name (base, ethereum, polygon, arbitrum)
`rpcUrl`	Yes	JSON-RPC endpoint URL
`agentPrivateKey`	Yes	Agent wallet private key (0x-prefixed)
`delegatorAddress`	Yes	User's main wallet that delegated credit
`poolAddress`	Yes	Aave V3 Pool contract address
`dataProviderAddress`	Yes	Aave V3 PoolDataProvider address
`assets`	Yes	Map of symbol → {address, decimals}
`safety.minHealthFactor`	No	Min HF after borrow (default: 1.5)
`safety.maxBorrowPerTx`	No	Max borrow per transaction (default: 1000)
`safety.maxBorrowPerTxUnit`	No	Unit for maxBorrowPerTx (default: USDC)

Environment Variables (override config)

Variable	Overrides
`AAVE_RPC_URL`	`rpcUrl`
`AAVE_AGENT_PRIVATE_KEY`	`agentPrivateKey`
`AAVE_DELEGATOR_ADDRESS`	`delegatorAddress`
`AAVE_POOL_ADDRESS`	`poolAddress`
`AAVE_MIN_HEALTH_FACTOR`	`safety.minHealthFactor`

Error Handling

Error	Cause	Fix
`INSUFFICIENT_ALLOWANCE`	Delegation amount exceeded	Delegator must call `approveDelegation()` again
`HEALTH_FACTOR_TOO_LOW`	Borrow would risk liquidation	Reduce amount or add collateral
`AMOUNT_EXCEEDS_CAP`	Per-tx safety cap hit	Reduce amount or update config
`INSUFFICIENT_LIQUIDITY`	Not enough in Aave pool	Try smaller amount or different asset
`INSUFFICIENT_GAS`	Agent wallet has no native token	Send gas to agent wallet
`EMODE_MISMATCH`	Asset incompatible with delegator's eMode	Borrow an asset in the same eMode category

Security

See safety.md for the full threat model and emergency procedures.

Critical rules:

The delegator's private key must NEVER be in this repo, config, or scripts — this is the agent's workspace. The delegator manages their side via the Aave UI or a block explorer.
Never commit config.json to version control — it contains the agent's private key
Never set minHealthFactor below 1.2 — liquidation happens at 1.0
Always cap delegation amounts — never approve type(uint256).max
Monitor delegator health — set up alerts if HF drops below 2.0
Agent must refuse to borrow if safety checks fail, even if instructed to

Resources

Aave V3 Docs: https://docs.aave.com/developers
Credit Delegation Guide: https://docs.aave.com/developers/guides/credit-delegation
Aave Address Book: https://github.com/bgd-labs/aave-address-book
Foundry Book: https://book.getfoundry.sh/
DebtToken Reference: https://docs.aave.com/developers/tokens/debttoken

Comments

Loading comments...