功能描述

Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports.

使用说明 (SKILL.md)

\r \r

Gekko Yield — Earn safe yield on USDC\r

Name: Gekko Yield
Author: sergey1997

\r Earn yield on USDC via the Moonwell Flagship USDC vault on Base.\r \r Vault: 0xc1256Ae5FF1cf2719D4937adb3bbCCab2E00A2Ca \r Chain: Base (8453) \r Asset: USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)\r \r

Why This Vault?\r

\r The Moonwell Flagship USDC vault is one of the safest places to earn yield on Base:\r \r

Powers Coinbase — Provides $20M+ liquidity to Coinbase's BTC/ETH borrow products\r
Blue-chip collateral only — Loans backed by ETH, cbETH, wstETH, cbBTC\r
Conservative LTV ratios — Healthy collateral requirements\r
Isolated markets — Risk is compartmentalized\r
Battle-tested — Morpho's codebase is \x3C650 lines, immutable, extensively audited\r
Multi-layer governance — Moonwell DAO + Block Analitica/B.Protocol curators\r \r

Current APY (~4-6%)\r

\r | Component | APY | Source |\r |-----------|-----|--------|\r | Base yield | ~4-5% | Borrower interest |\r | Rewards | ~0.5-1% | WELL + MORPHO via Merkl |\r | Total | ~4.5-6% | Sustainable, from real demand |\r \r Yields come from real borrowing demand, not unsustainable emissions.\r \r

Quick Start\r

\r

cd gekko-yield/scripts\r
pnpm install  # or npm install\r
npx tsx setup.ts\r
```\r
\r
The setup wizard will:\r
1. Guide you to set your private key as environment variable\r
2. Save configuration to `~/.config/gekko-yield/config.json`\r
\r
## Commands\r
\r
### Interactive Setup\r
\r
```bash\r
npx tsx setup.ts\r
```\r
\r
Guides you through wallet configuration.\r
\r
### Check Position & APY\r
\r
```bash\r
npx tsx status.ts\r
```\r
\r
Returns: current deposit, vault shares, APY, wallet balances, estimated earnings.\r
\r
### Generate Report\r
\r
```bash\r
# Telegram/Discord format (default)\r
npx tsx report.ts\r
\r
# JSON format (for automation)\r
npx tsx report.ts --json\r
\r
# Plain text\r
npx tsx report.ts --plain\r
```\r
\r
### Deposit USDC\r
\r
```bash\r
npx tsx deposit.ts \x3Camount>\r
# Example: deposit 100 USDC\r
npx tsx deposit.ts 100\r
```\r
\r
Deposits USDC into the Moonwell vault. Handles approval automatically.\r
\r
### Withdraw\r
\r
```bash\r
# Withdraw specific amount of USDC\r
npx tsx withdraw.ts \x3Camount>\r
\r
# Withdraw all (redeem all shares)\r
npx tsx withdraw.ts all\r
```\r
\r
### Auto-Compound\r
\r
```bash\r
npx tsx compound.ts\r
```\r
\r
All-in-one command that:\r
1. Checks wallet for reward tokens (WELL, MORPHO)\r
2. Swaps them to USDC via Odos aggregator\r
3. Deposits the USDC back into the vault\r
\r
## Configuration\r
\r
Config location: `~/.config/gekko-yield/config.json`\r
\r
```json\r
{\r
  "wallet": {\r
    "source": "env",\r
    "envVar": "PRIVATE_KEY"\r
  },\r
  "rpc": "https://mainnet.base.org"\r
}\r
```\r
\r
## Security\r
\r
⚠️ **This skill manages real funds. Review carefully:**\r
\r
- Private keys loaded at runtime from environment variable\r
- Keys never logged or written to disk by scripts\r
- All transactions simulated before execution\r
- Contract addresses verified on each run\r
- Scripts show transaction preview before sending\r
\r
### Recommended Setup\r
\r
1. **Dedicated wallet** — Create a hot wallet just for this skill\r
2. **Limited funds** — Only deposit what you're comfortable having in a hot wallet\r
3. **Keep gas funded** — Maintain small ETH balance on Base for transactions\r
\r
## Error Handling\r
\r
| Error | Cause | Fix |\r
|-------|-------|-----|\r
| Insufficient USDC | Not enough USDC in wallet | Bridge/transfer more USDC to Base |\r
| Insufficient gas | Not enough ETH for tx | Add ETH to wallet on Base |\r
| Wallet not configured | Missing config | Run `npx tsx setup.ts` |\r
| PRIVATE_KEY not set | Missing env var | Set `$env:PRIVATE_KEY="your-key"` |\r
\r
## Dependencies\r
\r
Scripts require Node.js 18+. Install deps before first run:\r
\r
```bash\r
cd scripts && pnpm install\r
```\r
\r
Packages used:\r
- `viem` — Ethereum interaction\r
- `tsx` — TypeScript execution\r
\r
---\r
\r
**Built by Gekko AI. Powered by ERC-8004.**\r

安全使用建议

This skill appears to implement the described Moonwell USDC vault actions, but exercise caution before installing or running it with real funds: - Private key handling: The scripts expect you to provide a PRIVATE_KEY environment variable, but the skill metadata does not declare this. Only run after you understand this and only use a dedicated hot wallet with limited funds. - External assembler risk: The compound flow asks Odos (https://api.odos.xyz) to assemble a ready-to-sign transaction and then sends it as-is. An attacker or a compromised Odos endpoint could return a transaction that drains funds or calls unexpected contracts. Prefer to run code locally, inspect the assembled transaction (confirm 'to' address and calldata) before signing, or modify the code to validate assembled.transaction.to === ODOS_ROUTER and/or to simulate the assembled tx before sending. - Audit the code: If you will run this skill, review the setup.ts/loadConfig implementation to confirm nothing writes your private key to disk. Confirm that 'verifyContracts' actually checks the addresses you expect. Consider enabling simulation-only mode when testing. - Operational precautions: Use a dedicated wallet with minimal USDC and ETH for gas, confirm contract addresses independently (e.g., BaseScan), and run the scripts locally rather than trusting remote execution. If you are not able to review or run the code yourself, treat this skill as untrusted.

功能分析

Type: OpenClaw Skill Name: gekko-yield Version: 1.0.0 The OpenClaw AgentSkills skill bundle for 'gekko-yield' is classified as benign. The code and documentation clearly outline its purpose: to manage USDC deposits, withdrawals, and auto-compounding on the Moonwell Flagship USDC vault on Base. Private keys are securely handled by being read from environment variables and explicitly stated as never being logged or written to disk. All blockchain interactions (deposits, withdrawals, approvals, swaps via Odos) are within the stated purpose, involve legitimate DeFi protocols and data providers (Morpho API, CoinGecko), and include transaction previews and simulations. There is no evidence of data exfiltration beyond necessary blockchain interactions, malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent to subvert its intended function. Configuration and logs are stored in standard user-level directories (`~/.config/gekko-yield`).

能力评估

⚠ Purpose & Capability

Name/description, CLI commands and included scripts all align with earning yield on Moonwell USDC on Base (deposit/withdraw/status/compound/report). However the skill metadata declares no required environment variables while the scripts expect a PRIVATE_KEY environment variable and write/read config/log files under ~/.config/gekko-yield. The missing declared env var is an incoherence that affects user consent and risk understanding.

⚠ Instruction Scope

Runtime instructions and scripts do what they claim (interact with the vault, call Odos for swaps, query CoinGecko). But compound.ts calls the Odos 'assemble' endpoint which returns a ready-to-send transaction and the script sends it with walletClient.sendTransaction without validating that the assembled transaction targets only known, expected contracts (e.g., verifying assembled.transaction.to equals the expected Odos router). Relying on an external service to produce raw transactions for immediate signing and broadcast increases the blast radius if that external endpoint is compromised or malicious. The skill also instructs storing config/logs in the user's home directory and to put the private key in an env var — that is expected for on‑chain tooling but should be clearly declared in metadata (it is not).

✓ Install Mechanism

No binary install spec; scripts are Node/TypeScript and use standard npm/pnpm dependencies (viem, tsx). This is proportionate to the described functionality. Nothing is downloaded from an untrusted URL in the manifest.

⚠ Credentials

The scripts require a wallet private key (PRIVATE_KEY) at runtime (and also read HOME for config/log paths), but the registry metadata lists no required environment variables or primary credential. Asking for a private key is expected for a wallet-managing DeFi tool, but it must be declared up front so users can make an informed risk decision; the omission is a significant coherence/consent issue.

✓ Persistence & Privilege

The skill is not always-enabled and does not request system-wide privileges. It writes its own config and logs under ~/.config/gekko-yield (normal for CLI tools). It does not modify other skills or global agent settings in the provided files.

版本历史

v1.0.0

Initial release of gekko-yield v1.0.0: - Supply and withdraw USDC from the Moonwell Flagship USDC vault on Base chain - View position, vault APY, and wallet balances - Generate yield reports in Telegram/Discord, JSON, or plain text formats - Auto-compound WELL and MORPHO rewards back into the vault via Odos - Interactive setup and secure wallet configuration using environment variables - Clear security guidance and recommended wallet practices provided

元数据

Slug gekko-yield

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Gekko Yield 是什么？

Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1603 次。

如何安装 Gekko Yield？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gekko-yield」即可一键安装，无需额外配置。

Gekko Yield 是免费的吗？

是的，Gekko Yield 完全免费（开源免费），可自由下载、安装和使用。

Gekko Yield 支持哪些平台？

Gekko Yield 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Gekko Yield？

由 Serge（@sergey1997）开发并维护，当前版本 v1.0.0。

Gekko Yield