altoninelli

Yield Farm Payment

Author: altoninelli · GitHub · v1.0.8 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 77
Favorites: 0
Current installs: 1
Versions: 9
Install in OpenClaw
/install yield-farm-payment
Description
Pay any seller at ZERO net cost. Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investme...
Security usage recommendations
This skill appears to implement the DeFi payment flow it describes, but there are several red flags you should address before installing or running it:
1) Do not use your main wallet — create a dedicated wallet with minimal funds and only the tokens needed for testing.
2) The skill requires a RAW PRIVATE_KEY in .env; inspect the entire codebase (especially scripts/yield-farm-payment-corrected.js) to confirm the key is only used locally for signing and is not transmitted to any external endpoint.
3) Resolve manifest/metadata inconsistencies (registry metadata said no env vars; manifest.json references a non-existent main entrypoint). These mismatches could be innocent mistakes but reduce trust.
4) Run everything in a controlled environment first (Base Sepolia testnet) and review network calls (grep for http/https/fetch/axios/request) to ensure there are no hidden remote endpoints.
5) If you lack the ability to audit JavaScript yourself, ask a developer/security reviewer to audit the main payment file for key exfiltration or unexpected behavior before providing any private key.
If you proceed, start with the smallest amounts and monitor all transactions on basescan.org.
Functional analysis
Type: OpenClaw Skill
Name: yield-farm-payment
Version: 1.0.8
The skill requires the user to provide a raw 'PRIVATE_KEY' in the .env file, which is a high-risk practice granting the AI agent full control over the wallet. While the code in 'yield-farm-payment-corrected.js' and 'transaction-manager.js' appears to align with the stated DeFi purpose (USDC transfers and Aave V3 deposits), the architectural design creates a significant attack surface for wallet draining via prompt injection. Additionally, 'scripts/check-configuration.js' contains logic to dynamically write new executable files ('test-wallet.js') to the disk, which is a risky capability in an agentic environment.
Capability tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The skill's purpose (pay on Base and deposit collateral on Aave) justifies needing a wallet private key and an RPC URL. However the registry metadata shown at the top lists no required env vars/credentials while SKILL.md, package.json, and manifest.json clearly require PRIVATE_KEY and BASE_RPC_URL — this metadata mismatch is an incoherence that reduces trust. Additionally manifest.json lists an entrypoint 'scripts/yield-farm-payment.js' that doesn't exist (the actual main file is yield-farm-payment-corrected.js in package.json), which is another inconsistency.
Instruction Scope
SKILL.md explicitly instructs the user to store a raw PRIVATE_KEY in .env and to run CLI scripts that will perform on-chain writes. That is coherent with the skill's payment function, but it is high privilege: anywhere the code uses the PRIVATE_KEY it has full control of the wallet. The instructions do not try to exfiltrate the key to external servers in the visible files, but you must inspect the core runtime file (yield-farm-payment-corrected.js) before running. The skill also creates a test-wallet.js helper file dynamically in scripts/check-configuration.js; writing files is allowed but should be reviewed.
Install Mechanism
There is no remote install/download step — dependencies are standard npm packages (viem, dotenv). No external or obfuscated install URLs are used. The skill is delivered as source files, so reviewable locally before execution.
Credentials
REQUESTED CREDENTIALS: PRIVATE_KEY and BASE_RPC_URL are sensitive but proportionate for a tool that must sign transactions on the user's behalf. The skill appropriately warns to use a dedicated low-balance wallet. That said, the registry-level metadata provided to the platform (which claimed 'none' for required env vars) contradicts the package/SKILL.md; that mismatch should be resolved before trusting platform-level permissions. Several optional Aave/ERC20 addresses are also recommended, which is expected.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. Model invocation is allowed (platform default) — note that an autonomously-invokable skill that has access to a raw PRIVATE_KEY would have a higher blast radius if misused; this skill does not set always:true, but you should be cautious about allowing autonomous calls with any private key configured.
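How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install yield-farm-payment
  3. Once installation completes, invoke the Skill by name or trigger it with /yield-farm-payment
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history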
v1.0.8
v1.0.8 is a maintenance release with updated documentation.
- Updated SKILL.md version and references from 1.0.6 to 1.0.8.
- No functional changes; implementation and configuration remain the same.
- Manifest and package metadata updated to reflect the new version.
v1.0.7
YieldFarmPayment v1.0.7 Changelog
- Documentation update: README.md revised for accuracy and clarity.
- No code or feature changes.
v1.0.6
YieldFarmPayment v1.0.6
- Updated documentation to reflect the new version (v1.0.6).
- No code or feature changes; content remains focused on Upfront Mode and current implementation.
v1.0.5
- Updated dependencies in package.json.
- Updated documentation (SKILL.md) for version bump to 1.0.5.
- Removed aave-protocol-v3 from the required dependencies list in SKILL.md.
- No functional or feature changes.
v1.0.4
- Clarified required environment variables in documentation for easier setup.
- Updated internal references and version to 1.0.4.
- No functional or security changes; documentation improvements only.
v1.0.3
- Added prominent security notice: now requires a raw PRIVATE_KEY of a dedicated wallet, raising security level and warning users to use only low-balance wallets.
- Updated metadata: reputation requirement increased to "medium" and security_level set to "high-privilege" with visible usage warning.
- Documentation revised for clarity on operational risks, with a new, strongly worded recommendation to use only dedicated wallets.
- No changes to core functionality or usage—Upfront Mode with Aave yield recovery remains the focus.
v1.0.2
- Added a frontmatter block with metadata, author, tags, and pricing information to SKILL.md.
- Updated the description to highlight "Net-Zero" payments and automated cost recovery.
- No changes to underlying logic, documentation, or usage instructions; all main content after the frontmatter remains the same.
v1.0.1
**Changelog for v1.0.1**
- Removed `package-lock.json` to streamline dependency management.
- Updated `package.json` (details not shown) for consistency or dependency adjustments.
- No changes to documented functionality or features.
v1.0.0
YieldFarmPayment v1.0 — Launch of immediate payment + capital recovery system on Base.
**Pay any seller at ZERO net cost.** Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investments. Achieve professional-grade **Net-Zero transactions** with automated cost recovery. Pay recipients immediately on Base network, then recover your capital over time through Aave V3 yield farming.
- Configurable collateral multipliers (3x–20x) and safety buffer for flexible risk/recovery tradeoffs.
- Robust CLI for payments, configuration checks, and realistic testing scenarios.
- Automatic transaction retries, gas/nonce management, and comprehensive error handling included.
- Detailed documentation, quick-start guides, and project structure to help users integrate and operate safely.
Metadata
Slug: yield-farm-payment
Version: 1.0.8
License: MIT-0
Total installs: 1
Current installs: 1
Historical versions: 9
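FAQ

What is Yield Farm Payment?

Pay any seller at ZERO net cost. Our high-efficiency logic on Base L2 offsets network fees by pairing payments with low-risk, stablecoin-based yield investme... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 77 total downloads so far.

How do I install Yield Farm Payment?

Run the command "/install yield-farm-payment" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Yield Farm Payment free?

Yes, Yield Farm Payment is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Yield Farm Payment support?

Yield Farm Payment runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Yield Farm Payment?

It is developed and maintained by altoninelli (@altoninelli); the current version is v1.0.8.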
