← 返回 Skills 市场
Gekko Yield
作者
gekkoai001
· GitHub ↗
· v1.0.0
1576
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install gekkoai-yield
功能描述
Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports.
使用说明 (SKILL.md)
\r \r
Gekko Yield — Earn safe yield on USDC\r
\r
Earn yield on USDC via the Moonwell Flagship USDC vault on Base.\r
\r
Vault: 0xc1256Ae5FF1cf2719D4937adb3bbCCab2E00A2Ca \r
Chain: Base (8453) \r
Asset: USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)\r
\r
Why This Vault?\r
\r The Moonwell Flagship USDC vault is one of the safest places to earn yield on Base:\r \r
- Powers Coinbase — Provides $20M+ liquidity to Coinbase's BTC/ETH borrow products\r
- Blue-chip collateral only — Loans backed by ETH, cbETH, wstETH, cbBTC\r
- Conservative LTV ratios — Healthy collateral requirements\r
- Isolated markets — Risk is compartmentalized\r
- Battle-tested — Morpho's codebase is \x3C650 lines, immutable, extensively audited\r
- Multi-layer governance — Moonwell DAO + Block Analitica/B.Protocol curators\r \r
Current APY (~4-6%)\r
\r | Component | APY | Source |\r |-----------|-----|--------|\r | Base yield | ~4-5% | Borrower interest |\r | Rewards | ~0.5-1% | WELL + MORPHO via Merkl |\r | Total | ~4.5-6% | Sustainable, from real demand |\r \r Yields come from real borrowing demand, not unsustainable emissions.\r \r
Quick Start\r
\r
cd gekko-yield/scripts\r
pnpm install # or npm install\r
npx tsx setup.ts\r
```\r
\r
The setup wizard will:\r
1. Guide you to set your private key as environment variable\r
2. Save configuration to `~/.config/gekko-yield/config.json`\r
\r
## Commands\r
\r
### Interactive Setup\r
\r
```bash\r
npx tsx setup.ts\r
```\r
\r
Guides you through wallet configuration.\r
\r
### Check Position & APY\r
\r
```bash\r
npx tsx status.ts\r
```\r
\r
Returns: current deposit, vault shares, APY, wallet balances, estimated earnings.\r
\r
### Generate Report\r
\r
```bash\r
# Telegram/Discord format (default)\r
npx tsx report.ts\r
\r
# JSON format (for automation)\r
npx tsx report.ts --json\r
\r
# Plain text\r
npx tsx report.ts --plain\r
```\r
\r
### Deposit USDC\r
\r
```bash\r
npx tsx deposit.ts \x3Camount>\r
# Example: deposit 100 USDC\r
npx tsx deposit.ts 100\r
```\r
\r
Deposits USDC into the Moonwell vault. Handles approval automatically.\r
\r
### Withdraw\r
\r
```bash\r
# Withdraw specific amount of USDC\r
npx tsx withdraw.ts \x3Camount>\r
\r
# Withdraw all (redeem all shares)\r
npx tsx withdraw.ts all\r
```\r
\r
### Auto-Compound\r
\r
```bash\r
npx tsx compound.ts\r
```\r
\r
All-in-one command that:\r
1. Checks wallet for reward tokens (WELL, MORPHO)\r
2. Swaps them to USDC via Odos aggregator\r
3. Deposits the USDC back into the vault\r
\r
## Configuration\r
\r
Config location: `~/.config/gekko-yield/config.json`\r
\r
```json\r
{\r
"wallet": {\r
"source": "env",\r
"envVar": "PRIVATE_KEY"\r
},\r
"rpc": "https://mainnet.base.org"\r
}\r
```\r
\r
## Security\r
\r
⚠️ **This skill manages real funds. Review carefully:**\r
\r
- Private keys loaded at runtime from environment variable\r
- Keys never logged or written to disk by scripts\r
- All transactions simulated before execution\r
- Contract addresses verified on each run\r
- Scripts show transaction preview before sending\r
\r
### Recommended Setup\r
\r
1. **Dedicated wallet** — Create a hot wallet just for this skill\r
2. **Limited funds** — Only deposit what you're comfortable having in a hot wallet\r
3. **Keep gas funded** — Maintain small ETH balance on Base for transactions\r
\r
## Error Handling\r
\r
| Error | Cause | Fix |\r
|-------|-------|-----|\r
| Insufficient USDC | Not enough USDC in wallet | Bridge/transfer more USDC to Base |\r
| Insufficient gas | Not enough ETH for tx | Add ETH to wallet on Base |\r
| Wallet not configured | Missing config | Run `npx tsx setup.ts` |\r
| PRIVATE_KEY not set | Missing env var | Set `$env:PRIVATE_KEY="your-key"` |\r
\r
## Dependencies\r
\r
Scripts require Node.js 18+. Install deps before first run:\r
\r
```bash\r
cd scripts && pnpm install\r
```\r
\r
Packages used:\r
- `viem` — Ethereum interaction\r
- `tsx` — TypeScript execution\r
\r
---\r
\r
**Built by Gekko AI. Powered by ERC-8004.**\r
安全使用建议
This skill appears to implement the advertised vault operations, but take these precautions before installing or funding it:
- Confirm PRIVATE_KEY handling: inspect scripts/setup.ts and loadConfig() to ensure the private key is only read from the environment (PRIVATE_KEY) and never written to disk or transmitted to a remote server. The registry metadata should also list the required env var — the omission is an inconsistency.
- Use a dedicated hot wallet with minimal funds. Do not use your main/CEX wallet private key.
- Review setup.ts locally before running. If you cannot read the file, run the code in an isolated VM/container and monitor network traffic.
- Verify contract addresses (vault, USDC, Odos router, reward tokens) on Base's block explorers and official Moonwell docs before sending funds.
- Check that transaction logs written to ~/.config/gekko-yield/logs don't contain secret data and that config.json only stores the envVar name and RPC preferences.
- If you plan to let an AI agent invoke this skill autonomously, be aware the agent could initiate transactions with the provided private key. Consider disabling autonomous use or restricting the agent's ability to send transaction-confirming inputs.
If you want, I can (1) scan the remaining truncated files (setup.ts and any omitted files) for private-key persistence or exfiltration patterns, or (2) list the exact lines where PRIVATE_KEY is referenced so you can inspect them yourself.
功能分析
Type: OpenClaw Skill
Name: gekkoai-yield
Version: 1.0.0
The OpenClaw skill 'gekko-yield' is designed for legitimate DeFi operations on the Base network, specifically for managing USDC in the Moonwell vault. It transparently handles private keys via environment variables, explicitly stating they are never logged or written to disk. All blockchain interactions are performed using the 'viem' library with hardcoded, verified contract addresses, and external API calls are made to reputable DeFi data sources (Odos, Morpho, Coingecko). The `SKILL.md` and `CLAUDE.md` files provide clear instructions for both users and the AI agent, without any evidence of prompt injection attempts or instructions to perform unauthorized actions. Dependencies are standard and appropriate for a web3 project.
能力评估
Purpose & Capability
Name/description (deposit/withdraw/compound USDC into Moonwell vault) match the included TypeScript scripts. Required binary (node) is appropriate. However the registry metadata lists no required environment variables while the SKILL.md and scripts expect a PRIVATE_KEY environment variable — an incoherence between declared requirements and actual runtime needs.
Instruction Scope
Runtime instructions are focused on wallet setup, deposit/withdraw/compound/report operations and reference only expected files/paths (e.g., ~/.config/gekko-yield/config.json). The SKILL.md says private keys are loaded from env and never logged/written; most visible code (approve/deposit/compound/report) does not log private keys and writes only transaction logs to ~/.config/gekko-yield/logs. However the setup script file was not fully inspected in the provided truncated output — you should verify setup.ts does not persist the private key to disk or transmit it.
Install Mechanism
No download/install from arbitrary URLs; code is included and uses standard node tooling (pnpm/npm, viem, tsx). package.json and lockfile reference known packages. This is a low-risk install vector relative to arbitrary remote installs.
Credentials
The skill requires access to a wallet private key at runtime (SKILL.md instructs PRIVATE_KEY env var) but the registry metadata didn't declare any required env vars / primary credential. Requesting a private key is proportionate to the stated purpose, but the omission in declared requirements is an incoherence that could lead to users not realizing they must supply a secret. Also verify that the setup script and config writer only store the envVar name (not the secret) as SKILL.md claims.
Persistence & Privilege
always:false (normal). The scripts create and write configuration and logs under ~/.config/gekko-yield which is appropriate for this type of tool. There is no evidence the skill modifies other skills or system-wide settings. The agent-autonomous invocation default is allowed but not set to always:true.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gekkoai-yield - 安装完成后,直接呼叫该 Skill 的名称或使用
/gekkoai-yield触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of gekko-yield.
- Earn yield on USDC by depositing to the Moonwell Flagship USDC vault on Base.
- Supports deposit, withdrawal, position/APY checks, and automated yield reporting.
- Includes auto-compounding of reward tokens and secure wallet handling via environment variables.
- Comprehensive CLI with setup, status, report, deposit, withdraw, and compound commands.
- Security best practices: transaction simulation, key management, contract verification, and user previews.
元数据
常见问题
Gekko Yield 是什么?
Earn yield on USDC by supplying to the Moonwell Flagship USDC vault on Base. Use when depositing USDC, withdrawing from the vault, checking position/APY, or generating yield reports. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1576 次。
如何安装 Gekko Yield?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gekkoai-yield」即可一键安装,无需额外配置。
Gekko Yield 是免费的吗?
是的,Gekko Yield 完全免费(开源免费),可自由下载、安装和使用。
Gekko Yield 支持哪些平台?
Gekko Yield 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Gekko Yield?
由 gekkoai001(@gekkoai001)开发并维护,当前版本 v1.0.0。
推荐 Skills