ClawHub

Defi Yield Scanner

v1.0.0

Scan DeFi protocols for the best yield opportunities. Covers Aave, Compound, Curve, Yearn, Uniswap v3, and emerging L2 protocols. Compares APY vs risk, track...

0· 1.1k·7 current·7 all-time
by@jamierossouw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DeFi yield scanner) align with the instructions: it pulls APY/TVL/metadata from public DeFi APIs (DeFiLlama, Curve, Yearn, The Graph/Aave). No unrelated binaries, creds, or config paths are requested.
Instruction Scope
SKILL.md is high-level: it instructs the agent to fetch live APY/TVL and apply risk filters and return entry instructions. It does not ask for private keys or local files, but is vague about exact queries, risk-data sources, or whether the agent should ever initiate on-chain transactions or request wallet signing. That vagueness grants the agent discretionary actions unless constrained by the platform.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and no external packages are pulled. This is the lowest install risk.
Credentials
The skill requires no environment variables, credentials, or config paths. This is proportionate for a read-only data-aggregation scanner using public APIs.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modifications to other skills or system-wide settings. It can be invoked by the agent normally (default autonomous invocation), which is expected for a data-fetching skill.
Assessment
This skill appears coherent with its stated purpose and uses public DeFi APIs only, but review these points before installing: 1) Confirm you are comfortable with the agent making outbound network requests to the listed endpoints (api.llama.fi, curve.fi, yearn.fi, The Graph/Aave); 2) The SKILL.md is intentionally high-level — clarify whether the agent is permitted to execute transactions or request wallet signing (it currently does not ask for keys, and you should never supply private keys); 3) Expect no built-in authentication — some APIs may require rate-limited keys or return incomplete data under heavy use; 4) Treat recommendations as informational, not investment advice; test on small amounts or in a sandbox before acting on execution instructions; 5) If you need stronger controls, require the skill to explicitly list queries it will run and to never initiate on-chain transactions without explicit user confirmation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e14cjd780b409a43wpe62b181k80p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments