Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Zyfai Yield Automation
v1.0.11
Earn yield on any Ethereum wallet on Base, Arbitrum, and Plasma. Use when a user wants passive DeFi yield on their funds. Deploys a non-custodial determinist...
⭐ 3 · 2.5k · 0 current · 0 all-time
by Paul (@pauldefi)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (yield on Base/Arbitrum/Plasma) match the SKILL.md instructions, but the skill registry lists no required env vars/credentials while the instructions explicitly use an API key and a raw PRIVATE_KEY for server agents. That omission is an incoherence — a yield SDK legitimately needs an API key and a signer, so the declared metadata should reflect that.
Instruction Scope
SKILL.md tells agents how to obtain and use an API key, how to connect wallets, how to deploy subaccounts (Safes), create session keys, and use a raw PRIVATE_KEY from process.env. It does not instruct reading unrelated system files, but it does instruct handling highly sensitive secrets and performing on‑chain actions (deploy, rebalance, withdraw). The instructions do not include safeguards or explicit limits on session keys beyond a claim that they "cannot withdraw to other addresses" — that should be verified in code/contracts.
Install Mechanism
This is instruction-only (no install spec or code files). It suggests running `npm install @zyfai/sdk viem`, which is expected for a JS SDK. No download-from-URL or archive install is embedded in the skill metadata.
Credentials
The SKILL.md requires an API key and shows a server example using process.env.PRIVATE_KEY, yet the skill metadata declares no required environment variables or primary credential. Requesting raw private keys (even in examples) is a high-sensitivity action; the metadata should declare such requirements and justify them. The presence of an API key + private key requirement is proportionate to the stated function but the omission from metadata is suspicious.
Persistence & Privilege
`always` is false and `disable-model-invocation` is false (normal). Autonomous invocation combined with access to API keys or private keys increases blast radius if the agent is allowed to call the skill without explicit user consent. The skill itself doesn't request system-wide persistence or other skills' configs.
What to consider before installing
Do not paste or enter your private key into the agent or skill UI unless you've independently audited the SDK and service. Before installing, ask the skill author to: (1) declare required env vars (API_KEY, any signer/private-key variables) in the registry metadata, (2) provide the SDK source repo and npm package name so you can review code and contract addresses, and (3) provide audits or verification that session keys cannot withdraw to arbitrary addresses. Prefer using KMS/hardware wallets or Wallet‑as‑a‑Service instead of raw private keys; test on a small amount or a testnet first; verify the sdk.zyf.ai domain ownership and TLS; and consider disabling autonomous invocation or requiring explicit user confirmation before the agent uses this skill to perform on‑chain transactions.
