📦 yields-llama — 链上收益速查
v1.0.0通过 yieldsllama CLI 一键查询跨链 DeFi 收益、APY 与最佳质押机会,数据实时来自 DeFi Llama API,助你秒锁高收益。
0· 52·0 当前·0 累计
by 下载技能包
最后更新
2026/4/13
安全扫描
OpenClaw
安全
medium confidenceThe skill's instructions, requirements, and behavior are consistent with a CLI that queries DeFi Llama; it does require building and installing third‑party code and will write files in the working directory, so review before running.
评估建议
This skill appears to do what it claims, but it requires building and installing third‑party code and will create files in the directory where it runs. Before installing or running: (1) review the GitHub repository source (https://github.com/0x9bb1/yieldsllama) to ensure you trust it; (2) avoid running curl | sh blindly — prefer installing rustup from official docs or using a package manager you control; (3) run the build/install steps inside a container or VM if you want to limit system impact;...详细分析 ▾
✓ 用途与能力
The name/description (querying DeFi yields via DeFi Llama) matches the SKILL.md: it documents a CLI that queries yields.llama.fi, filters and sorts results, and caches responses. Requiring a built binary and an LLAMA_DOMAIN endpoint is coherent for this purpose.
ℹ 指令范围
Instructions include building from source, creating a .env file in the current working directory (LLAMA_DOMAIN), and caching API responses to data.json. These actions are within the CLI's scope but will create files in whatever directory the agent runs in (possible surprise/side effects). The SKILL.md does not instruct reading unrelated user files or secrets.
ℹ 安装机制
There is no formal install spec in the registry, but SKILL.md instructs running the official rustup installer (https://sh.rustup.rs) and git-cloning a GitHub repo (https://github.com/0x9bb1/yieldsllama.git), then building and copying a binary into /usr/local/bin. The hosts used are known (rustup.rs and github.com) which reduces risk, but these steps implicitly run remote code and require elevated permissions to install into system PATH.
ℹ 凭证需求
Registry metadata lists no required env vars, but the runtime instructions require a .env file with LLAMA_DOMAIN (not a secret) and the tool will contact yields.llama.fi. No credentials or unrelated secrets are requested. The metadata/instructions mismatch (no declared env but .env required at runtime) is a minor inconsistency to be aware of.
ℹ 持久化与权限
always is false and the skill does not request permanent agent privileges. However installation instructions suggest placing a binary in /usr/local/bin (system-wide) and the tool creates a local cache file data.json; both are persistent changes to the host filesystem and may require root to perform.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/13
Initial release of yieldsllama. - Query DeFi yield opportunities across multiple blockchains using the DeFi Llama API via CLI. - Filter and sort pools by chain, token, APY, TVL, asset type (single/multi), and more. - Includes result guidance on interpreting APY, TVL, and protocol/chain risk. - Supports comparison of multiple tokens or pools in a unified output. - Built-in caching of results, .env setup instructions, and troubleshooting section.
● 可疑
安装命令
点击复制官方npx clawhub@latest install yieldsllama
镜像加速npx clawhub@latest install yieldsllama --registry https://cn.longxiaskill.com镜像同步中