Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Defillama Data Aggregator

v1.0.3

Professional DeFi data aggregator that provides unified access to TVL, protocols, chains, and yields data from DefiLlama. Supports multiple output formats (J...

Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, required binaries (node, npm), dependencies, and the implemented HTTP calls align with a DefiLlama aggregator. The code only contacts DefiLlama and Yields endpoints by default. Small mismatch: SKILL.md claims “No File Persistence” for data (true: caching is in-memory) but the install script creates a local config file (config/keys.js), which is reasonable for configuration but contradicts the literal wording.
Instruction Scope
Runtime instructions are limited to running the CLI (node src/index.js ...) and npm install. The SKILL.md and README document only DefiLlama endpoints. However, the source code (src/utils/api-client.js) contains an undocumented feature to perform 'IP direct' requests with a custom ipBaseUrl, Host header and the option to disable certificate verification; that expands networking behavior beyond the documented scope and is not explained in runtime instructions.
Install Mechanism
No remote arbitrary binary download; installation is standard npm install and an optional local install script that copies a config example and runs npm link. package.json dependencies are normal for a CLI (axios, commander, chalk, node-cache, etc.).
Credentials
The skill declares no required environment variables or credentials, which matches its use of public DefiLlama APIs. Minor points: debug behavior relies on process.env.DEBUG (not declared) and the code supports configurable fields (useIpDirect, ipBaseUrl, hostHeader, rejectUnauthorized) via config; those networking options could be set in config/keys.js to alter behavior and are not represented in the SKILL.md.
Persistence & Privilege
The skill is not set always:true and does not modify other skills. It creates a local config file via the install script (config/keys.js) and links a CLI when the install script runs — both expected for a CLI tool, but note the install script will run npm link which modifies the local environment if executed.
What to consider before installing
This package mostly does what it says: it queries DefiLlama/yields APIs and formats results. Before installing or running it:

  1. Inspect config/keys.js (the install script will copy config/keys.example.js to config/keys.js) and ensure baseUrl remains the official https://api.llama.fi and yields URL.
  2. Search src/utils/api-client.js for the useIpDirect/ipBaseUrl/hostHeader/rejectUnauthorized options. Do not enable useIpDirect or set ipBaseUrl/hostHeader unless you trust the destination and understand the TLS implications (rejectUnauthorized=false disables certificate verification and can be used to bypass TLS/SNI protections).
  3. Review package.json dependencies and run npm install in an isolated environment if you are cautious (or audit packages beforehand).
  4. The install script runs npm link (creates a global CLI). If you prefer not to modify your system, skip npm link and run the CLI by invoking node src/index.js directly.
  5. If you need stronger assurance, run the code in a network-restricted sandbox or container so the process only has outbound access to the official DefiLlama endpoints.

The hidden IP-direct capability is the main reason this package is flagged as suspicious rather than benign.
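One way to automate the config inspection described above, as an added example that is not part of the skill or of the scan output. The option names (useIpDirect, ipBaseUrl, hostHeader, rejectUnauthorized, baseUrl) come from the scan text; the nesting of config/keys.js, the yieldsUrl key and the sample objects are assumptions.

```javascript
// Added example: audit a loaded config object for the networking overrides named in the scan.
// The layout of config/keys.js is not shown on the page, so the walk is recursive.
const OFFICIAL_HOSTS = new Set(['api.llama.fi', 'yields.llama.fi']);

function checkEndpoint(path, value, findings) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return findings.push(`${path}: not a valid URL (${value})`);
  }
  if (url.protocol !== 'https:') findings.push(`${path}: not HTTPS (${value})`);
  if (!OFFICIAL_HOSTS.has(url.hostname)) {
    findings.push(`${path}: host ${url.hostname} is not an official DefiLlama endpoint`);
  }
}

function auditSkillConfig(node, path = 'config', findings = []) {
  if (node === null || typeof node !== 'object') return findings;
  for (const [key, value] of Object.entries(node)) {
    const here = `${path}.${key}`;
    if (key === 'useIpDirect' && value) {
      findings.push(`${here}: IP-direct mode is enabled`);
    } else if (key === 'ipBaseUrl' || key === 'hostHeader') {
      if (value) findings.push(`${here}: override is set (${value})`);
    } else if (key === 'rejectUnauthorized' && value === false) {
      findings.push(`${here}: TLS certificate verification is disabled`);
    } else if (/url$/i.test(key) && typeof value === 'string') {
      // Assumption: endpoint settings use key names ending in "Url" (baseUrl is on the page).
      checkEndpoint(here, value, findings);
    } else {
      auditSkillConfig(value, here, findings);
    }
  }
  return findings;
}

// Constructed samples, not the skill's real config file.
const cleanConfig = {
  defillama: { baseUrl: 'https://api.llama.fi', yieldsUrl: 'https://yields.llama.fi' },
};
const riskyConfig = {
  defillama: { baseUrl: 'https://api.llama.fi', useIpDirect: true, rejectUnauthorized: false },
  network: { ipBaseUrl: 'https://203.0.113.10', hostHeader: 'api.llama.fi' },
};

console.log(auditSkillConfig(cleanConfig));
console.log(auditSkillConfig(riskyConfig));
```

An empty result means none of the flagged overrides are active; to check a real install, pass the object exported by config/keys.js to auditSkillConfig.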

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: node, npm
latest vk97ad24hx67036qnv9mdsgcav984q357
50 downloads
1 stars
1 versions
Updated 1w ago
v1.0.3
MIT-0

DefiLlama Data Aggregator

Professional DeFi data at your fingertips. Query TVL, protocols, chains, and yields from DefiLlama with a single command.

What This Skill Does

  • TVL Query - Get total DeFi TVL or individual chain TVL
  • Protocol Data - Query protocol details, rankings, and filter by category
  • Chain Statistics - Get TVL for specific chains (Ethereum, Solana, etc.)
  • Yield Pools - Find high-yield opportunities with filtering options
  • Health Monitoring - Check API availability status

Quick Start

# Get total DeFi TVL
node {skillDir}/src/index.js defillama tvl

# Get protocol TVL
node {skillDir}/src/index.js defillama protocol --name aave

# Get top protocols by TVL
node {skillDir}/src/index.js defillama protocols --limit 10 --sort tvl --format table

# Get chain TVL
node {skillDir}/src/index.js defillama chain --name ethereum

# Find high-yield pools
node {skillDir}/src/index.js defillama yields --min-apy 10 --chain ethereum --limit 20

# Check API health
node {skillDir}/src/index.js health

Commands

TVL Commands

Command | Description | Example
tvl | Get total DeFi TVL | node {skillDir}/src/index.js defillama tvl
protocol --name <name> | Get protocol TVL | node {skillDir}/src/index.js defillama protocol --name uniswap
chain --name <name> | Get chain TVL | node {skillDir}/src/index.js defillama chain --name solana

Protocol Commands

Command | Description | Example
protocols | List all protocols | node {skillDir}/src/index.js defillama protocols
protocols --category <cat> | Filter by category | node {skillDir}/src/index.js defillama protocols --category lending
protocols --min-tvl <usd> | Filter by minimum TVL | node {skillDir}/src/index.js defillama protocols --min-tvl 100000000
protocols --limit <n> | Limit results | node {skillDir}/src/index.js defillama protocols --limit 20

Yield Commands

Command | Description | Example
yields | List yield pools | node {skillDir}/src/index.js defillama yields
yields --min-apy <pct> | Filter by minimum APY | node {skillDir}/src/index.js defillama yields --min-apy 15
yields --chain <name> | Filter by chain | node {skillDir}/src/index.js defillama yields --chain arbitrum
yields --min-tvl <usd> | Filter by minimum TVL | node {skillDir}/src/index.js defillama yields --min-tvl 1000000
yields --stablecoin | Stablecoin pools only | node {skillDir}/src/index.js defillama yields --stablecoin

Utility Commands

Command | Description | Example
health | Check API health | node {skillDir}/src/index.js health
status | Show system status | node {skillDir}/src/index.js status

Output Formats

All data commands support multiple output formats:

# Pretty format (default, human-readable)
node {skillDir}/src/index.js defillama tvl --format pretty

# JSON format (for scripts and parsing)
node {skillDir}/src/index.js defillama tvl --format json

# Table format (for quick overview)
node {skillDir}/src/index.js defillama protocols --limit 10 --format table

# CSV format (for spreadsheets)
node {skillDir}/src/index.js defillama protocols --limit 50 --format csv

Use Cases

For DeFi Investors

"Show me the top 10 lending protocols by TVL"
"Find yield pools on Ethereum with APY above 15%"
"What is the current TVL of Aave?"

For Data Analysts

"Export all protocols data to CSV"
"Get the TVL distribution across chains"
"Compare lending vs DEX TVL"

For Developers

"Check if DefiLlama API is healthy"
"Get protocol data in JSON format"
"Find pools with minimum 1M TVL"

Security Features

  • Input Sanitization - All inputs validated and sanitized
  • Error Filtering - API errors filtered to prevent information leakage
  • Range Validation - Numeric inputs validated against bounds
  • Pattern Validation - Protocol/chain names follow strict rules

Security Notes

  • No API Keys Required: This skill uses DefiLlama's public API which does not require authentication
  • External Requests: Data is fetched from:
    • https://api.llama.fi (DefiLlama API)
    • https://yields.llama.fi (DefiLlama Yields API)
  • No Local Server: This skill does not start any local HTTP server
  • No File Persistence: No data is persisted locally (caching is in-memory only)
  • Input Validation: All user inputs are sanitized to prevent injection attacks

Installation

Prerequisites

  • Node.js >= 16.0.0
  • npm

Setup

cd {skillDir}
npm install

API Reference

DefiLlama Endpoints Used

Endpoint | Description
https://api.llama.fi/tvl | Total DeFi TVL
https://api.llama.fi/protocols | All protocols
https://api.llama.fi/protocol/{name} | Protocol details
https://api.llama.fi/chains | All chains
https://yields.llama.fi/pools | Yield pools

Error Handling

The skill provides user-friendly error messages:

Error Type | Message
Invalid protocol name | "Only alphanumeric characters and hyphens allowed"
Invalid chain name | "Only alphanumeric characters, spaces, and hyphens allowed"
Network error | "Check internet connection and try again"
Rate limit | "Rate limit exceeded, please wait"
API unavailable | "Service temporarily unavailable"

Examples

Get Top Protocols

node {skillDir}/src/index.js defillama protocols --limit 10 --sort tvl --format table

Find High-Yield Pools

node {skillDir}/src/index.js defillama yields --min-apy 20 --min-tvl 1000000 --limit 5

Check Health

node {skillDir}/src/index.js health

Troubleshooting

Protocol Not Found

  • Ensure the protocol name matches DefiLlama's naming (e.g., aave-v3 not aave v3)
  • Check if the protocol is listed on DefiLlama

Chain Not Found

  • Use lowercase chain names (e.g., ethereum not Ethereum)
  • For multi-word chains, use hyphens (e.g., polygon-pos)

No Results from Yields

  • Try lowering the --min-apy or --min-tvl thresholds
  • Ensure the chain name is valid

Network Errors

  • Check internet connectivity
  • DefiLlama API may be temporarily unavailable

Version: 1.0.3
Last Updated: 2026-03-31
Maintainer: AntalphaAI
License: MIT
