chainyoda

aaveclaw

Author: Ajit Tripathi · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1894
Favorites: 4
Current installs: 5
Versions: 1
Install in OpenClaw
/install aaveclaw
Description
Aave V3 lending protocol on Base Sepolia testnet. Deposit WETH collateral, borrow USDC, repay loans, withdraw collateral, check health factor, and mint test tokens via faucet. Use when users want to interact with Aave lending, check their lending position health, or get testnet tokens.
Usage instructions (SKILL.md)

aaveclaw - Aave V3 Lending on Base Sepolia

Interact with Aave V3 lending protocol on Base Sepolia testnet. Manages the full lending lifecycle using the wallet from ~/.x402-config.json.

Setup

Run setup.sh on first use to install dependencies (ethers v6):

bash scripts/setup.sh

Commands

Check Health Factor

Check the current lending position. Safe to run anytime, read-only.

bash scripts/health.sh [address]

If no address is provided, uses the configured wallet address.

Mint Test Tokens (Faucet)

Get testnet WETH or USDC from the Aave faucet. Run this first if the wallet has no tokens.

bash scripts/faucet.sh weth 1       # Mint 1 WETH
bash scripts/faucet.sh usdc 1000    # Mint 1000 USDC

Deposit Collateral

Deposit WETH as collateral into Aave. Auto-wraps native ETH to WETH if needed.

bash scripts/deposit.sh 0.5         # Deposit 0.5 WETH

Borrow USDC

Borrow USDC against deposited collateral. Uses variable interest rate.

bash scripts/borrow.sh 100          # Borrow 100 USDC

Repay Debt

Repay borrowed USDC. Use "max" to repay entire debt.

bash scripts/repay.sh 50            # Repay 50 USDC
bash scripts/repay.sh max           # Repay all debt

Withdraw Collateral

Withdraw WETH collateral. Use "max" to withdraw everything (only if no debt).

bash scripts/withdraw.sh 0.5        # Withdraw 0.5 WETH
bash scripts/withdraw.sh max        # Withdraw all

Usage Guidelines

  • Always run health.sh first to see the current position before making changes.
  • Ask the user for amounts before executing deposit, borrow, repay, or withdraw.
  • Always show the health factor after any state-changing operation (the scripts do this automatically).
  • Warn when health factor drops below 1.5 - the position is at risk of liquidation.
  • Guide new users to the faucet to get test tokens before depositing.
  • Typical flow: faucet (get tokens) -> deposit (add collateral) -> borrow (take loan) -> repay (pay back) -> withdraw (retrieve collateral).

Network Details

Error Handling

  • If private key is missing: direct user to create ~/.x402-config.json with {"private_key": "0x..."}
  • If insufficient balance: the scripts report exact balances and what is needed
  • If health factor would drop too low after borrow: Aave reverts the transaction automatically
  • If faucet fails: the faucet contract may have minting limits or may not be available
Security recommendations
This skill's code appears to do what it says (interact with Aave on Base Sepolia), but there are a few things to consider before installing:

  • The registry metadata omitted that you must supply a private key. The code will look for X402_PRIVATE_KEY or a file (~/.x402-config.json or ./x402-config.json). Do not put a mainnet/private production key there; use an ephemeral/testnet key with minimal funds.
  • setup.sh runs npm install and then the node scripts execute. That will pull third-party packages (ethers, etc.) onto disk; review package-lock.json or run in an isolated environment if you don't trust the author.
  • Verify the contract addresses (pool, faucet, tokens) and RPC URL in scripts/lib/config.js before sending transactions: malicious or incorrect addresses could steal funds on any network where the key has value.
  • Because the source is unknown (no homepage/author listed), treat this as untrusted: run locally in a sandbox or code-review the files, and prefer using a throwaway testnet key or a hardware wallet/proxy signer if possible.

If you want to proceed safely: inspect scripts/lib/config.js and scripts/lib/aave.js yourself, ensure the faucet/pool addresses are legitimate for Base Sepolia, create a test-only private key, and run npm install in an environment where package installation and node execution are permitted and monitored.
Functional analysis
Type: OpenClaw Skill
Name: aaveclaw
Version: 1.0.0

The skill is classified as suspicious due to its direct handling of a private key, which is a high-risk capability. The `scripts/lib/config.js` file attempts to load a private key from the `X402_PRIVATE_KEY` environment variable or from `~/.x402-config.json`. While this access is necessary for the skill's stated purpose of interacting with the Aave V3 lending protocol on Base Sepolia testnet, and there is no evidence of exfiltration or unauthorized use of the key, the direct access to and use of a private key constitutes a significant security risk. Additionally, the `ensureAllowance` function in `scripts/lib/aave.js` grants `ethers.MaxUint256` approval to the Aave Pool contract, which is a broad permission, though common in DeFi and for a specified testnet contract.
Capability assessment
Purpose & Capability
The skill's code and SKILL.md implement Aave V3 actions on Base Sepolia (deposit, borrow, repay, withdraw, health, faucet) which is coherent with the stated purpose. However the registry metadata declares no required env variables or config paths, while the implementation requires a private key (X402_PRIVATE_KEY or ~/.x402-config.json). That mismatch is unexpected and should have been declared.
Instruction Scope
Runtime instructions (SKILL.md) and the scripts limit actions to interacting with the Sepolia Base RPC and Aave contract addresses, reading a private key from an env var or the x402-config.json file, and printing account/tx info. The instructions do not attempt to read unrelated system files or contact unexpected external endpoints.
Install Mechanism
There is no platform install spec, but setup.sh runs npm install (registry.npmjs.org) to install ethers and its deps. Using npm is expected for a JS blockchain tool, but it still pulls third-party packages (ethers and deps) onto disk — audit or run in a restricted environment if you don't trust the source.
Credentials
The runtime requires access to a private key (via X402_PRIVATE_KEY env var or ~/.x402-config.json) to sign transactions — this is necessary for on-chain actions, but the registry did not declare any required credentials or config paths. Requiring a high-sensitivity secret without declaring it is a proportionality/visibility issue and increases risk if users are unaware.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills, and only persists by installing npm packages in its own directory. Autonomous invocation is allowed (platform default) but not itself unusual here.
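How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install aaveclaw
  3. Once installed, invoke the Skill by name or trigger it with /aaveclaw
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history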
v1.0.0
Initial release: Aave V3 lending on Base Sepolia — deposit, borrow, repay, withdraw, health check, and faucet
Metadata
Slug aaveclaw
Version 1.0.0
License
Total installs 6
Current installs 5
Historical versions 1
FAQ

What is aaveclaw?

Aave V3 lending protocol on Base Sepolia testnet. Deposit WETH collateral, borrow USDC, repay loans, withdraw collateral, check health factor, and mint test tokens via faucet. Use when users want to interact with Aave lending, check their lending position health, or get testnet tokens. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1894 total downloads to date.

How do I install aaveclaw?

Run the command "/install aaveclaw" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is aaveclaw free?

Yes, aaveclaw is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does aaveclaw support?

aaveclaw is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed aaveclaw?

Developed and maintained by Ajit Tripathi (@chainyoda); the current version is v1.0.0.
