Yield Agent
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.
Install only if you want an agent to help discover yields and prepare DeFi transactions. Treat every transaction as high-risk: verify the yield, amount, network, and wallet prompt before signing, and remember that Yield.xyz will receive the wallet/action details needed to build or check positions. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user signs an unexpected or misunderstood transaction, funds could be moved or placed into a DeFi position.
The tool can request unsigned transactions for deposits; signing and broadcasting them would affect user funds. This is central to the skill's purpose and is clearly warned about.
POST "${API_URL}/v1/actions/enter" ... echo "NEXT: For each transaction in stepIndex order — sign EXACTLY as returned, broadcast, then submit the hash."Only sign after confirming the network, token, amount, contract, and wallet prompt. Fetch the yield schema first and stop if the unsigned transaction does not match the user’s intent.
A configured wallet skill may be able to approve real blockchain transactions using the user’s account.
The workflow relies on a separate wallet skill for delegated signing authority. The provided YieldAgent scripts do not hold private keys, but the combined workflow can move assets once a wallet signs.
Requires a wallet skill... Pass `unsignedTransaction` to the wallet skill — do NOT modify any field.
Use a wallet integration that requires explicit confirmation, limit funded balances or permissions, and never provide private keys directly to this skill.
Yield.xyz can see queried wallet addresses, yield IDs, and related action details, which may reveal portfolio interests.
Portfolio checks send the user’s wallet address and requested yield ID to the configured Yield.xyz API endpoint, which is expected for this service.
PAYLOAD=$(jq -n --arg addr "$ADDRESS" '{address: $addr}') ... curl ... "${API_URL}/v1/yields/${YIELD_ID}/balances" ... -d "$PAYLOAD"Use only wallet addresses you are comfortable querying through Yield.xyz, and consider setting your own `YIELDS_API_KEY` for production use.
Local state could reveal wallet addresses, positions, and yield preferences to anyone with access to the machine or agent workspace.
The optional superskill design describes persisting wallet labels, positions, rates, rewards, and alerts for monitoring. This is useful but contains sensitive financial context.
State File: `~/.openclaw/skills/yield-agent/state/yield-cache.json` ... `wallets` ... `positions` ... `rateHistory` ... `alerts`
If using monitoring or alert features, review the state file contents, avoid unnecessary labels, and delete or disable stored state when no longer needed.