Description

Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports.

README (SKILL.md)

\r \r

Gekko Yield — Earn safe yield on USDC\r

Name: Gekko Yield
Author: gekkoai001

\r Earn yield on USDC via the Moonwell Flagship USDC vault on Base.\r \r Vault: 0xc1256Ae5FF1cf2719D4937adb3bbCCab2E00A2Ca \r Chain: Base (8453) \r Asset: USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)\r \r

Why This Vault?\r

\r The Moonwell Flagship USDC vault is one of the safest places to earn yield on Base:\r \r

Powers Coinbase — Provides $20M+ liquidity to Coinbase's BTC/ETH borrow products\r
Blue-chip collateral only — Loans backed by ETH, cbETH, wstETH, cbBTC\r
Conservative LTV ratios — Healthy collateral requirements\r
Isolated markets — Risk is compartmentalized\r
Battle-tested — Morpho's codebase is \x3C650 lines, immutable, extensively audited\r
Multi-layer governance — Moonwell DAO + Block Analitica/B.Protocol curators\r \r

Current APY (~4-6%)\r

\r | Component | APY | Source |\r |-----------|-----|--------|\r | Base yield | ~4-5% | Borrower interest |\r | Rewards | ~0.5-1% | WELL + MORPHO via Merkl |\r | Total | ~4.5-6% | Sustainable, from real demand |\r \r Yields come from real borrowing demand, not unsustainable emissions.\r \r

Quick Start\r

\r

cd gekko-yield/scripts\r
pnpm install  # or npm install\r
npx tsx setup.ts\r
```\r
\r
The setup wizard will:\r
1. Guide you to set your private key as environment variable\r
2. Save configuration to `~/.config/gekko-yield/config.json`\r
\r
## Commands\r
\r
### Interactive Setup\r
\r
```bash\r
npx tsx setup.ts\r
```\r
\r
Guides you through wallet configuration.\r
\r
### Check Position & APY\r
\r
```bash\r
npx tsx status.ts\r
```\r
\r
Returns: current deposit, vault shares, APY, wallet balances, estimated earnings.\r
\r
### Generate Report\r
\r
```bash\r
# Telegram/Discord format (default)\r
npx tsx report.ts\r
\r
# JSON format (for automation)\r
npx tsx report.ts --json\r
\r
# Plain text\r
npx tsx report.ts --plain\r
```\r
\r
### Deposit USDC\r
\r
```bash\r
npx tsx deposit.ts \x3Camount>\r
# Example: deposit 100 USDC\r
npx tsx deposit.ts 100\r
```\r
\r
Deposits USDC into the Moonwell vault. Handles approval automatically.\r
\r
### Withdraw\r
\r
```bash\r
# Withdraw specific amount of USDC\r
npx tsx withdraw.ts \x3Camount>\r
\r
# Withdraw all (redeem all shares)\r
npx tsx withdraw.ts all\r
```\r
\r
### Auto-Compound\r
\r
```bash\r
npx tsx compound.ts\r
```\r
\r
All-in-one command that:\r
1. Checks wallet for reward tokens (WELL, MORPHO)\r
2. Swaps them to USDC via Odos aggregator\r
3. Deposits the USDC back into the vault\r
\r
## Configuration\r
\r
Config location: `~/.config/gekko-yield/config.json`\r
\r
```json\r
{\r
  "wallet": {\r
    "source": "env",\r
    "envVar": "PRIVATE_KEY"\r
  },\r
  "rpc": "https://mainnet.base.org"\r
}\r
```\r
\r
## Security\r
\r
⚠️ **This skill manages real funds. Review carefully:**\r
\r
- Private keys loaded at runtime from environment variable\r
- Keys never logged or written to disk by scripts\r
- All transactions simulated before execution\r
- Contract addresses verified on each run\r
- Scripts show transaction preview before sending\r
\r
### Recommended Setup\r
\r
1. **Dedicated wallet** — Create a hot wallet just for this skill\r
2. **Limited funds** — Only deposit what you're comfortable having in a hot wallet\r
3. **Keep gas funded** — Maintain small ETH balance on Base for transactions\r
\r
## Error Handling\r
\r
| Error | Cause | Fix |\r
|-------|-------|-----|\r
| Insufficient USDC | Not enough USDC in wallet | Bridge/transfer more USDC to Base |\r
| Insufficient gas | Not enough ETH for tx | Add ETH to wallet on Base |\r
| Wallet not configured | Missing config | Run `npx tsx setup.ts` |\r
| PRIVATE_KEY not set | Missing env var | Set `$env:PRIVATE_KEY="your-key"` |\r
\r
## Dependencies\r
\r
Scripts require Node.js 18+. Install deps before first run:\r
\r
```bash\r
cd scripts && pnpm install\r
```\r
\r
Packages used:\r
- `viem` — Ethereum interaction\r
- `tsx` — TypeScript execution\r
\r
---\r
\r
**Built by Gekko AI. Powered by ERC-8004.**\r

Usage Guidance

This skill appears to implement the advertised vault operations, but take these precautions before installing or funding it: - Confirm PRIVATE_KEY handling: inspect scripts/setup.ts and loadConfig() to ensure the private key is only read from the environment (PRIVATE_KEY) and never written to disk or transmitted to a remote server. The registry metadata should also list the required env var — the omission is an inconsistency. - Use a dedicated hot wallet with minimal funds. Do not use your main/CEX wallet private key. - Review setup.ts locally before running. If you cannot read the file, run the code in an isolated VM/container and monitor network traffic. - Verify contract addresses (vault, USDC, Odos router, reward tokens) on Base's block explorers and official Moonwell docs before sending funds. - Check that transaction logs written to ~/.config/gekko-yield/logs don't contain secret data and that config.json only stores the envVar name and RPC preferences. - If you plan to let an AI agent invoke this skill autonomously, be aware the agent could initiate transactions with the provided private key. Consider disabling autonomous use or restricting the agent's ability to send transaction-confirming inputs. If you want, I can (1) scan the remaining truncated files (setup.ts and any omitted files) for private-key persistence or exfiltration patterns, or (2) list the exact lines where PRIVATE_KEY is referenced so you can inspect them yourself.

Capability Analysis

Type: OpenClaw Skill Name: gekkoai-yield Version: 1.0.0 The OpenClaw skill 'gekko-yield' is designed for legitimate DeFi operations on the Base network, specifically for managing USDC in the Moonwell vault. It transparently handles private keys via environment variables, explicitly stating they are never logged or written to disk. All blockchain interactions are performed using the 'viem' library with hardcoded, verified contract addresses, and external API calls are made to reputable DeFi data sources (Odos, Morpho, Coingecko). The `SKILL.md` and `CLAUDE.md` files provide clear instructions for both users and the AI agent, without any evidence of prompt injection attempts or instructions to perform unauthorized actions. Dependencies are standard and appropriate for a web3 project.

Capability Assessment

ℹ Purpose & Capability

Name/description (deposit/withdraw/compound USDC into Moonwell vault) match the included TypeScript scripts. Required binary (node) is appropriate. However the registry metadata lists no required environment variables while the SKILL.md and scripts expect a PRIVATE_KEY environment variable — an incoherence between declared requirements and actual runtime needs.

ℹ Instruction Scope

Runtime instructions are focused on wallet setup, deposit/withdraw/compound/report operations and reference only expected files/paths (e.g., ~/.config/gekko-yield/config.json). The SKILL.md says private keys are loaded from env and never logged/written; most visible code (approve/deposit/compound/report) does not log private keys and writes only transaction logs to ~/.config/gekko-yield/logs. However the setup script file was not fully inspected in the provided truncated output — you should verify setup.ts does not persist the private key to disk or transmit it.

✓ Install Mechanism

No download/install from arbitrary URLs; code is included and uses standard node tooling (pnpm/npm, viem, tsx). package.json and lockfile reference known packages. This is a low-risk install vector relative to arbitrary remote installs.

⚠ Credentials

The skill requires access to a wallet private key at runtime (SKILL.md instructs PRIVATE_KEY env var) but the registry metadata didn't declare any required env vars / primary credential. Requesting a private key is proportionate to the stated purpose, but the omission in declared requirements is an incoherence that could lead to users not realizing they must supply a secret. Also verify that the setup script and config writer only store the envVar name (not the secret) as SKILL.md claims.

✓ Persistence & Privilege

always:false (normal). The scripts create and write configuration and logs under ~/.config/gekko-yield which is appropriate for this type of tool. There is no evidence the skill modifies other skills or system-wide settings. The agent-autonomous invocation default is allowed but not set to always:true.

Version History

v1.0.0

Initial release of gekko-yield. - Earn yield on USDC by depositing to the Moonwell Flagship USDC vault on Base. - Supports deposit, withdrawal, position/APY checks, and automated yield reporting. - Includes auto-compounding of reward tokens and secure wallet handling via environment variables. - Comprehensive CLI with setup, status, report, deposit, withdraw, and compound commands. - Security best practices: transaction simulation, key management, contract verification, and user previews.

Metadata

Slug gekkoai-yield

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Gekko Yield?

Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 1576 downloads so far.

How do I install Gekko Yield?

Run "/install gekkoai-yield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gekko Yield free?

Yes, Gekko Yield is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gekko Yield support?

Gekko Yield is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gekko Yield?

It is built and maintained by gekkoai001 (@gekkoai001); the current version is v1.0.0.

More Skills

Gekko Yield