← Back to Skills Marketplace
apurvmishra

Yield Agent

by apurvmishra · GitHub ↗ · v0.1.5
cross-platform ⚠ suspicious
1326
Downloads
6
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install yield-agent
Description
On-chain yield discovery, transaction building, and portfolio management via the Yield.xyz API. Use when the user wants to find yields, stake, lend, deposit into vaults, check balances, claim rewards, exit positions, compare APYs, or manage any on-chain yield across 80+ networks.
Usage Guidance
This skill appears to do what it claims: it queries Yield.xyz, constructs unsigned transactions, and expects a wallet skill to sign and broadcast them. Before installing: - Replace the embedded shared API key in skill.json with your own YIELDS_API_KEY (the manifest includes a 'free shared key' for convenience). Do not rely on a shared key in production. - Review and trust the wallet skill you pair with this (Crossmint/Privy/Portal/Turnkey). The yield-agent will hand unsigned transactions to that wallet for signing; never provide private keys to this skill. Follow its wallet integration docs. - Be aware the skill may persist a small state file (positions, addresses, alerts) under the skill's state directory (~/.openclaw/skills/yield-agent/state or the skill state/ path). If you run Superskills or scheduling, expect periodic checks and stored metadata; audit or clear that state if needed. - The SKILL.md and scripts repeatedly warn: do NOT modify unsignedTransaction returned by the API — changing it can cause loss of funds. Follow that rule strictly. - The package references an OpenAPI spec and many examples; if provenance matters, verify the upstream repository (the README points to a GitHub org 'stakekit/yield-agent') and confirm the publisher before trusting for production. If you want a stricter review, provide the untruncated openapi.yaml and the identity/URL used to publish this skill so I can check for surprises (hidden endpoints, unexpected third-party hosts, or additional embedded keys).
Capability Analysis
Type: OpenClaw Skill Name: yield-agent Version: 0.1.5 The skill is classified as suspicious primarily due to the inclusion of a default, shared API key (`b40dd85f-d89e-48da-a2b3-ec04fae106dc`) in `skill.json`. While the `_apiKeyNote` explicitly advises replacing it for production, its presence as a default poses a vulnerability if used without replacement, potentially leading to unauthorized access or rate limiting issues for the shared key. The shell scripts (`scripts/*.sh`) correctly sanitize user inputs and construct JSON payloads using `jq` to prevent shell injection. Furthermore, the `SKILL.md` and `references/safety.md` files contain strong, explicit instructions for the AI agent to never modify transactions, always seek user confirmation for financial operations, and adhere to configurable safety guardrails, actively mitigating prompt injection risks and demonstrating a clear intent to operate safely within the high-risk domain of DeFi transactions via `https://api.yield.xyz`.
Capability Assessment
Purpose & Capability
Name/description match what the skill does: all scripts call the Yield.xyz API, and required binaries (curl, jq) are appropriate. The skill does not request unrelated credentials or system access.
Instruction Scope
SKILL.md and scripts consistently instruct the agent to fetch yield metadata, build actions, and hand unsigned transactions to a wallet skill for signing. The instructions explicitly forbid modifying unsignedTransaction, and the scripts only call the declared API endpoints and read the local skill manifest for configuration.
Install Mechanism
No remote download/install steps are declared in the package metadata; the skill is delivered as code files and uses only curl/jq at runtime. No arbitrary external installers or URL downloads are used by the skill itself.
Credentials
The skill requires no secrets at runtime, but skill.json ships a shared API key (api.apiKey) and baseUrl. This is convenient for getting started but means the package includes an embedded API key—replace with your own YIELDS_API_KEY for production. The skill does not request unrelated credentials.
Persistence & Privilege
always is false and model invocation is allowed (normal). The package documents and may use a local state file (state/yield-cache.json under the skill directory or ~/.openclaw/...), which is expected for monitoring/superskill features. The skill does not attempt to modify other skills or system-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yield-agent
  3. After installation, invoke the skill by name or use /yield-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
- Updated critical warning section for clarity: emphasized that unsigned transactions must not be changed, reformatted, or fixed in any way. - Shortened and clarified the description of what not to modify in unsigned transactions. - Strengthened language about transaction immutability to prevent user fund loss. - No changes to tools, arguments, or features.
v0.1.4
No user-facing changes in this release. - Version updated to 0.1.4 (no other changes detected).
v0.1.3
Version 0.1.3 - Added a new critical warning: never modify `unsignedTransaction` returned by the API; request a new action instead if any field is incorrect. - Emphasized that changing any transaction field (amount, gas, recipient, calldata, etc.) can result in permanent loss of funds. - Existing rules and usage instructions remain unchanged.
v0.1.2
- Version number updated to 0.1.2 in metadata. - No other changes detected in files or documentation.
v0.1.1
- Updated skill metadata structure for compatibility with new standards (now uses 'openclaw' key and emoji). - Minor version bump (1.0.2 → 1.0.3). - Removed the file HEARTBEAT.md. - Improved documentation: added instruction to consult `references/openapi.yaml` for all enums, DTOs, and schemas; do not hardcode values. - No changes to skill functionality or toolset.
v0.1.0
Initial public release of YieldAgent skill for on-chain yield discovery and management: - Discover, compare, and enter yield opportunities across 80+ networks via Yield.xyz API. - Build and manage positions with staking, lending, vaults, restaking, and liquidity pools. - Supports actions to enter/exit positions, claim rewards, restake, check balances, and more. - Tooling includes dynamic argument schemas, validator provider lookup, and portfolio management. - Adheres to strict API usage rules for maximum security and flexibility.
Metadata
Slug yield-agent
Version 0.1.5
License
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Yield Agent?

On-chain yield discovery, transaction building, and portfolio management via the Yield.xyz API. Use when the user wants to find yields, stake, lend, deposit into vaults, check balances, claim rewards, exit positions, compare APYs, or manage any on-chain yield across 80+ networks. It is an AI Agent Skill for Claude Code / OpenClaw, with 1326 downloads so far.

How do I install Yield Agent?

Run "/install yield-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yield Agent free?

Yes, Yield Agent is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Yield Agent support?

Yield Agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yield Agent?

It is built and maintained by apurvmishra (@apurvmishra); the current version is v0.1.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments