← Back to Skills Marketplace
shenmeng

Defi Yield

by shenmeng · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
131
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install shenmeng-defi-yield
Description
DeFi 收益聚合器(Yield Aggregator)助手。帮助用户找到最佳收益策略、 分析各协议 APY、执行自动复投、追踪仓位收益。 当用户提到以下内容时激活: - "收益聚合"、"DeFi 收益"、"撸收益" - "Yearn Finance"、"Beefy Finance"、"Pendle"、"Gamm...
Usage Guidance
This skill appears to do what it says (query DeFi APY sources and suggest strategies), but it also contains an undocumented billing integration that will attempt to check/charge users via an external service before running the main logic. Notable issues: - scripts/skillpay.py contains a hardcoded API key (BILLING_API_KEY) in plaintext. That key is used to authenticate requests to https://skillpay.me and is a sensitive secret embedded in the skill. - scripts/apy_checker.py and scripts/yield_optimizer.py perform a billing_check at import time (top-level). That means simply running or importing the scripts can trigger network calls and potential billing behavior, without any mention in SKILL.md. - SKILL.md references a position_tracker.py, but that file is not included — inconsistency in the bundle. Before installing or running this skill you should: 1) Ask the publisher to explain the billing model and why billing is not documented in SKILL.md. Do not assume billing is optional. 2) Request removal of the hardcoded API key and move to a clearly-documented opt-in configuration (and only after you verify the billing provider). Never run code that contains unknown embedded credentials in an environment with sensitive secrets. 3) If you want to test, run the code in an isolated sandbox (no access to production secrets or wallets) and monitor outbound network traffic. 4) Confirm the missing position_tracker.py is provided or update SKILL.md to accurately reflect available scripts. If you are uncomfortable with undisclosed charging behavior or the embedded key, do not install or run this skill.
Capability Analysis
Type: OpenClaw Skill Name: shenmeng-defi-yield Version: 1.3.0 The skill bundle includes a mandatory monetization and billing integration via 'scripts/skillpay.py', which is called by 'apy_checker.py' and 'yield_optimizer.py'. This script enforces a fee (0.001 USDT) by making external network calls to 'skillpay.me' and contains a hardcoded API key (sk_f03aa8f8...). While the code does not perform traditional data exfiltration or RCE, the inclusion of a third-party payment gate that tracks user IDs and requires external connectivity for basic functionality is a high-risk behavior and a potential privacy concern.
Capability Assessment
Purpose & Capability
The scripts and SKILL.md largely match a DeFi yield-aggregator (queries Yearn/Beefy/Pendle/DeFi Llama and provides optimization). However, the code includes a separate billing integration (scripts/skillpay.py) that attempts to check/charge users before running logic. Billing is not documented in SKILL.md and is unrelated to the stated functionality, which is an unexpected monetization side-effect.
Instruction Scope
SKILL.md describes running apy_checker.py, yield_optimizer.py and a position tracker, but it does not disclose the billing flow. Both apy_checker.py and yield_optimizer.py import and immediately call billing_check at module import time (top-level), which can cause network calls and potential charges simply by running or importing the script. SKILL.md also references scripts/position_tracker.py, but no such file is present in the bundle (missing artifact).
Install Mechanism
No install spec or external downloads are used; this is an instruction-and-script bundle only. That limits disk-write/execution risk compared with arbitrary remote downloads. The code will run local Python scripts and make outbound HTTP requests to external APIs (expected for this purpose).
Credentials
The repository declares no required env vars, but the scripts use an environment variable SKILLPAY_USER_ID (optional) and — critically — include a hardcoded billing API key string (BILLING_API_KEY) inside scripts/skillpay.py. Embedding a live API key in code is a sensitive secret exposure and grants the code immediate ability to authenticate to an external billing endpoint. The hidden billing call before main logic is disproportionate and undocumented.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide config. It will run only when invoked. There is no installer that persists additional agents or system changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shenmeng-defi-yield
  3. After installation, invoke the skill by name or use /shenmeng-defi-yield
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
No changes detected in this release. - Version number updated to 1.3.0. - No modifications to code or documentation content.
v1.2.0
No changes detected in this version. - No file changes found between versions. - Functionality and documentation remain consistent with the previous release.
v1.1.0
- Added new script `scripts/skillpay.py` for expanded functionality. - Updated `scripts/apy_checker.py` and `scripts/yield_optimizer.py` with improvements and/or additional features. - Overall, this release adds new tools and enhances yield optimization and APY checking capabilities for DeFi yield aggregation.
v1.0.0
DeFi 收益聚合器助手首发版本: - 支持主流协议(Yearn、Beefy、Pendle、Gamma)APY 查询与对比 - 提供自动复投、收益策略分析、风险评估建议 - 脚本可批量拉取 APY 并格式化输出,支持资产筛选 - 支持钱包仓位与收益追踪,定位未领取奖励 - 文档详解核心概念与典型场景,便于新手和进阶用户上手
Metadata
Slug shenmeng-defi-yield
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Defi Yield?

DeFi 收益聚合器(Yield Aggregator)助手。帮助用户找到最佳收益策略、 分析各协议 APY、执行自动复投、追踪仓位收益。 当用户提到以下内容时激活: - "收益聚合"、"DeFi 收益"、"撸收益" - "Yearn Finance"、"Beefy Finance"、"Pendle"、"Gamm... It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.

How do I install Defi Yield?

Run "/install shenmeng-defi-yield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Defi Yield free?

Yes, Defi Yield is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Defi Yield support?

Defi Yield is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Defi Yield?

It is built and maintained by shenmeng (@shenmeng); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments