ClawHub

DeFi Yield Scout

v1.0.0

Scan and compare USDC yield farming APYs on Base and Arbitrum, analyze vault performance, breakeven migration, and protocol risk using live DeFiLlama data.

1· 556·1 current·1 all-time
bymortiee@joaoolucas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual implementation: the Python script fetches DeFiLlama pool and chart endpoints, filters USDC pools on Base/Arbitrum, and implements scan/breakeven/history/protocols commands for the listed protocols. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md explicitly instructs the agent to run the bundled Python CLI and to consult the provided protocols reference; the runtime actions described (fetch DeFiLlama, present tables, compute breakeven) match the code. Note: the skill declares allowed-tools including 'Bash' and 'Read'—the instructions only use the Python script, but those tools could run arbitrary shell/read operations if the agent were permitted to use them. The skill's instructions themselves do not direct reading of unrelated files or exfiltration.
Install Mechanism
No install spec is included (instruction-only with a bundled script). That is low-risk and consistent with the described CLI usage. The script uses only stdlib urllib to contact yields.llama.fi and writes a short-lived cache file in the system temp directory.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not read secrets or external tokens. Network access is limited to DeFiLlama endpoints (yields.llama.fi) which is expected for this purpose.
Persistence & Privilege
The skill is not forced-always, does not require persistent privileges, and only writes a cache file to the OS temp directory. It does not modify other skills or system-wide configurations.
Assessment
This skill appears coherent and does what it claims: it queries DeFiLlama, filters USDC pools, and calculates breakeven/gives APY history. It does not ask for credentials or modify system config. Before installing/using: (1) Review the included Python script yourself or run it locally to verify behavior; (2) remember the tool caches data in /tmp (transient) and performs network requests to yields.llama.fi; (3) treat results as informational only — gas/bridge cost estimates are rough and the tool warns about this; (4) do not rely solely on the tool for on-chain actions — verify pool IDs and on-chain details before moving funds. If you want an extra safety check, run the script in an isolated environment (container) and inspect network traffic to confirm it only contacts DeFiLlama.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bb89w9k8n50sz3zvv95tm8n81c2t5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments