📦 Gekko — DeFi收益管家

v1.0.0

专为Base链打造的AI DeFi投资组合管家，实时扫描Morpho与Yearn金库APY，智能推荐最佳收益机会并动态调仓，一键掌握全链市场情报。

0· 1.1k·1 当前·1 累计

by @gekkoai001

数据分析自动化 API工具智能体

下载技能包

最后更新

2026/3/1

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This skill is an instruction-only wrapper around a single external API (https://gekkoterminal.ai). Before installing or using it: (1) Verify the API owner and domain (look for a homepage, company, or repository); (2) Do not send private keys, wallet seed phrases, or other secrets—test first with non-sensitive token addresses or dummy data; (3) Confirm why Node.js and Base RPC are listed as requirements despite no code being included—ask the publisher; (4) Independently verify the listed smart co...

详细分析 ▾

⚠ 用途与能力

The skill claims to be a DeFi portfolio manager but is instruction-only and simply instructs agents to POST requests to https://gekkoterminal.ai/api/a2a?agent=gekko. The metadata lists Node.js and 'Access to Base network RPC' as requirements even though no code files or local Node usage exist. Requiring node and an RPC endpoint is disproportionate for an instruction-only API client and suggests metadata/packaging mistakes or mismatched expectations.

⚠ 指令范围

Runtime instructions direct the agent to send user-supplied queries and token addresses to a third‑party API (gekkoterminal.ai). The SKILL.md does not ask for private keys, but it also does not explicitly forbid sending any sensitive context; an agent could inadvertently forward user/account details or session context to that external endpoint. The instructions otherwise stay within the described DeFi capabilities and reference no local files or unexpected env vars.

✓ 安装机制

There is no install spec and no code files — lowest surface area. Nothing is downloaded or written to disk as part of an install step.

ℹ 凭证需求

The skill declares no required environment variables or primary credential (good), but metadata embeds an api_endpoint and lists bins:["node"], while the SKILL.md examples use curl. The mention of 'Access to Base network RPC' in Requirements is not reflected in the runtime instructions or declared env vars. These mismatches are unexplained and reduce confidence.

✓ 持久化与权限

The skill is not always-enabled and does not request persistent system privileges or to modify other skills. It runs via external API calls only, so it does not gain local persistent privileges.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/8

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install gekko

镜像加速npx clawhub@latest install gekko --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库