v1.0.0

Gekko Yield

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:16 AM.

Analysis

This DeFi skill is coherent, but it can control real wallet funds with a private key and has auto-compound behavior that may move more USDC than a user expects.

GuidanceReview carefully before installing. If you use it, create a dedicated Base hot wallet with limited funds, verify the vault and router addresses yourself, avoid running auto-compound while unrelated USDC is in the wallet, and approve every transaction manually before signing.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

scripts/compound.ts

const usdcBalance = await getTokenBalance(publicClient, USDC_ADDRESS, account.address); ... args: [usdcBalance, account.address]

After swapping rewards, the compound flow deposits the wallet's full USDC balance into the vault, not just the USDC produced by reward swaps.

User impactA user who runs auto-compound could unintentionally deposit unrelated USDC sitting in the wallet.

RecommendationLimit compounding to the measured swap output or require an explicit amount and confirmation before depositing any existing USDC balance.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

scripts/compound.ts

const assembled = await assembleOdosTransaction(quote.pathId, account.address); ... walletClient.sendTransaction({ to: assembled.transaction.to as Address, data: assembled.transaction.data as Hex

The script sends a transaction assembled by an external API without shown validation that the target and calldata match an expected Odos router/action.

User impactIf the aggregator response is wrong or compromised, the wallet may sign an unintended transaction.

RecommendationValidate the transaction target, decode and display calldata, simulate the exact transaction, and require explicit user confirmation before signing.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

For a real-funds skill, limited provenance and an absent install spec make it harder for users to verify the origin and expected setup path, even though the visible package files are ordinary.

User impactUsers have less independent context for trusting code that can sign transactions.

RecommendationPublish a verifiable source repository/homepage and align registry install metadata with the scripts and dependencies.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

Earn safe yield on USDC ... one of the safest places to earn yield on Base

The documentation uses strong safety claims for a DeFi strategy that still involves smart-contract, market, wallet, and transaction-signing risk.

User impactA user may underestimate the financial risk of using a hot wallet and depositing funds into a DeFi vault.

RecommendationKeep the risk warnings prominent and avoid presenting DeFi yield as safe or guaranteed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

Private keys loaded at runtime from environment variable

The skill needs a wallet private key that can sign real blockchain transactions, while the registry section declares no required env vars and no primary credential.

User impactInstalling and using this skill may give the agent access to a hot wallet capable of moving real funds.

RecommendationUse only a dedicated limited-balance wallet, explicitly declare the required PRIVATE_KEY credential in metadata, and require user approval before every transaction.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

scripts/config.ts

const logDir = expandPath('~/.config/gekko-yield/logs'); ... appendFileSync(logPath, JSON.stringify(entry) + '\n');

The skill persistently stores transaction hashes, amounts, and related financial details in local logs for later reports.

User impactLocal logs may reveal wallet activity and financial position history to anyone with access to the machine.

RecommendationProtect the config directory, document log retention, and offer a way to disable or clear local financial logs.