Zyfai Yield Automation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This DeFi skill is aligned with earning yield, but it asks an agent to sign wallet transactions, move funds, and enable ongoing session-key automation without visible approval or limit safeguards.
Treat this as a high-risk financial automation skill. Only use it with a wallet and funds you are prepared to put into DeFi, avoid giving an agent a raw private key, verify the Zyfai SDK and contracts independently, and require explicit approval for every transaction and session-key permission.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed too broadly, an agent could commit funds to DeFi positions or grant automation permissions before the user has reviewed the exact transaction and risks.
These instructions perform high-impact wallet and DeFi actions, including depositing funds, deploying a smart wallet, and creating a session key. The visible instructions do not require explicit user approval or transaction-limit checks before execution.
const deposit = await sdk.vaultDeposit("100", "USDC");
...
const result = await sdk.deploySafe(userAddress, chainId, "conservative");
...
await sdk.createSessionKey(userAddress, chainId);
Require explicit user confirmation for every on-chain transaction, show chain, asset, amount, destination contract, fees, and risks, and set hard limits before allowing the agent to act.
Exposing a wallet private key to an agent or runtime could allow unintended or irreversible transactions if the environment is compromised or the agent acts incorrectly.
The server-agent example uses a raw wallet private key from the environment. A private key can authorize wallet transactions and control funds, making this a high-impact credential.
account: privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`),
Avoid raw private keys where possible; use a hardware wallet, wallet provider, KMS, or wallet-as-a-service with scoped signing policies and require per-transaction approval.
Users depend on the external packages and whatever versions npm resolves at install time.
The skill relies on external npm packages, which is expected for an SDK-based DeFi integration. However, the install is unpinned and no code or lockfile was provided for review.
npm install @zyfai/sdk viem
Pin package versions, verify package provenance, and review the SDK documentation and permissions before connecting a wallet.
Funds may continue to be managed after the initial setup, and the user must understand exactly what the session key can do and how to disable it.
The skill delegates ongoing automated rebalancing through session keys. This is purpose-aligned, but it creates persistent authority over funds and the visible artifact does not clearly show revocation, duration, or transaction-boundary controls.
This allows Zyfai to rebalance funds automatically. Session keys **cannot** withdraw to arbitrary addresses
Before enabling session keys, verify the contract permissions, allowed actions, duration, limits, and revocation process; prefer the least-permissive session policy.
