← Back to Skills Marketplace
altoninelli

Yield Farm Payment

by altoninelli · GitHub ↗ · v1.0.8 · MIT-0
cross-platform ⚠ suspicious
77
Downloads
0
Stars
1
Active Installs
9
Versions
Install in OpenClaw
/install yield-farm-payment
Description
Pay any seller at ZERO net cost. Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investme...
Usage Guidance
This skill appears to implement the DeFi payment flow it describes, but there are several red flags you should address before installing or running it: 1) Do not use your main wallet — create a dedicated wallet with minimal funds and only the tokens needed for testing. 2) The skill requires a RAW PRIVATE_KEY in .env; inspect the entire codebase (especially scripts/yield-farm-payment-corrected.js) to confirm the key is only used locally for signing and is not transmitted to any external endpoint. 3) Resolve manifest/metadata inconsistencies (registry metadata said no env vars; manifest.json references a non-existent main entrypoint). These mismatches could be innocent mistakes but reduce trust. 4) Run everything in a controlled environment first (Base Sepolia testnet) and review network calls (grep for http/https/fetch/axios/request) to ensure there are no hidden remote endpoints. 5) If you lack the ability to audit JavaScript yourself, ask a developer/security reviewer to audit the main payment file for key exfiltration or unexpected behavior before providing any private key. If you proceed, start with the smallest amounts and monitor all transactions on basescan.org.
Capability Analysis
Type: OpenClaw Skill Name: yield-farm-payment Version: 1.0.8 The skill requires the user to provide a raw 'PRIVATE_KEY' in the .env file, which is a high-risk practice granting the AI agent full control over the wallet. While the code in 'yield-farm-payment-corrected.js' and 'transaction-manager.js' appears to align with the stated DeFi purpose (USDC transfers and Aave V3 deposits), the architectural design creates a significant attack surface for wallet draining via prompt injection. Additionally, 'scripts/check-configuration.js' contains logic to dynamically write new executable files ('test-wallet.js') to the disk, which is a risky capability in an agentic environment.
Capability Tags
cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The skill's purpose (pay on Base and deposit collateral on Aave) justifies needing a wallet private key and an RPC URL. However the registry metadata shown at the top lists no required env vars/credentials while SKILL.md, package.json, and manifest.json clearly require PRIVATE_KEY and BASE_RPC_URL — this metadata mismatch is an incoherence that reduces trust. Additionally manifest.json lists an entrypoint 'scripts/yield-farm-payment.js' that doesn't exist (the actual main file is yield-farm-payment-corrected.js in package.json), which is another inconsistency.
Instruction Scope
SKILL.md explicitly instructs the user to store a raw PRIVATE_KEY in .env and to run CLI scripts that will perform on-chain writes. That is coherent with the skill's payment function, but it is high privilege: anywhere the code uses the PRIVATE_KEY it has full control of the wallet. The instructions do not try to exfiltrate the key to external servers in the visible files, but you must inspect the core runtime file (yield-farm-payment-corrected.js) before running. The skill also creates a test-wallet.js helper file dynamically in scripts/check-configuration.js; writing files is allowed but should be reviewed.
Install Mechanism
There is no remote install/download step — dependencies are standard npm packages (viem, dotenv). No external or obfuscated install URLs are used. The skill is delivered as source files, so reviewable locally before execution.
Credentials
REQUESTED CREDENTIALS: PRIVATE_KEY and BASE_RPC_URL are sensitive but proportionate for a tool that must sign transactions on the user's behalf. The skill appropriately warns to use a dedicated low-balance wallet. That said, the registry-level metadata provided to the platform (which claimed 'none' for required env vars) contradicts the package/SKILL.md; that mismatch should be resolved before trusting platform-level permissions. Several optional Aave/ERC20 addresses are also recommended, which is expected.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. Model invocation is allowed (platform default) — note that an autonomously-invokable skill that has access to a raw PRIVATE_KEY would have a higher blast radius if misused; this skill does not set always:true, but you should be cautious about allowing autonomous calls with any private key configured.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yield-farm-payment
  3. After installation, invoke the skill by name or use /yield-farm-payment
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.8
v1.0.8 is a maintenance release with updated documentation. - Updated SKILL.md version and references from 1.0.6 to 1.0.8. - No functional changes; implementation and configuration remain the same. - Manifest and package metadata updated to reflect the new version.
v1.0.7
## YieldFarmPayment v1.0.7 Changelog - Documentation update: README.md revised for accuracy and clarity. - No code or feature changes.
v1.0.6
YieldFarmPayment v1.0.6 - Updated documentation to reflect the new version (v1.0.6). - No code or feature changes; content remains focused on Upfront Mode and current implementation.
v1.0.5
- Updated dependencies in package.json. - Updated documentation (SKILL.md) for version bump to 1.0.5. - Removed aave-protocol-v3 from the required dependencies list in SKILL.md. - No functional or feature changes.
v1.0.4
- Clarified required environment variables in documentation for easier setup. - Updated internal references and version to 1.0.4. - No functional or security changes; documentation improvements only.
v1.0.3
- Added prominent security notice: now requires a raw PRIVATE_KEY of a dedicated wallet, raising security level and warning users to use only low-balance wallets. - Updated metadata: reputation requirement increased to "medium" and security_level set to "high-privilege" with visible usage warning. - Documentation revised for clarity on operational risks, with a new, strongly worded recommendation to use only dedicated wallets. - No changes to core functionality or usage—Upfront Mode with Aave yield recovery remains the focus.
v1.0.2
- Added a frontmatter block with metadata, author, tags, and pricing information to SKILL.md. - Updated the description to highlight "Net-Zero" payments and automated cost recovery. - No changes to underlying logic, documentation, or usage instructions; all main content after the frontmatter remains the same.
v1.0.1
**Changelog for v1.0.1** - Removed `package-lock.json` to streamline dependency management. - Updated `package.json` (details not shown) for consistency or dependency adjustments. - No changes to documented functionality or features.
v1.0.0
YieldFarmPayment v1.0 — Launch of immediate payment + capital recovery system on Base. **Pay any seller at ZERO net cost.** Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investments. Achieve professional-grade **Net-Zero transactions** with automated cost recovery. Pay recipients immediately on Base network, then recover your capital over time through Aave V3 yield farming. - Configurable collateral multipliers (3x–20x) and safety buffer for flexible risk/recovery tradeoffs. - Robust CLI for payments, configuration checks, and realistic testing scenarios. - Automatic transaction retries, gas/nonce management, and comprehensive error handling included. - Detailed documentation, quick-start guides, and project structure to help users integrate and operate safely.
Metadata
Slug yield-farm-payment
Version 1.0.8
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 9
Frequently Asked Questions

What is Yield Farm Payment?

Pay any seller at ZERO net cost. Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investme... It is an AI Agent Skill for Claude Code / OpenClaw, with 77 downloads so far.

How do I install Yield Farm Payment?

Run "/install yield-farm-payment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yield Farm Payment free?

Yes, Yield Farm Payment is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yield Farm Payment support?

Yield Farm Payment is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yield Farm Payment?

It is built and maintained by altoninelli (@altoninelli); the current version is v1.0.8.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments