Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

trade-with-aiusd

v1.0.2

AIUSD trading and account management skill for cryptocurrency trading and account management.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill claims to provide trading and account management for AIUSD, which would legitimately need authentication and network access. However, the registry metadata declares no required environment variables or config paths, while SKILL.md explicitly references an env var (MCP_HUB_TOKEN) and a local token path (~/.mcp-hub/token.json). That mismatch is inconsistent: the credential and config requirements should have been declared.
[!] Instruction Scope
SKILL.md instructs the agent to resolve auth from MCP_HUB_TOKEN, mcporter OAuth, or a local token file and to never reveal certain URLs or phrases to users (explicitly forbidding returning the login URL). The instructions therefore direct reading local credentials and restrict user-visible output — both are sensitive behaviors. The doc also contains a long set of forbidden phrases and 'never show URL' rules that effectively alter agent responses; that is unexpected for a simple trading skill and could hide useful information from the user.
[!] Install Mechanism
Although the registry lists no install spec, the package includes two large self-extracting installers (shell and Node variants) with embedded base64 package data that will write files to disk, extract an archive, and run 'npm install'. Embedded/decoded archives and extraction to disk are higher risk than instruction-only skills because arbitrary code and dependencies will be installed locally. The installers use execSync/tar and will run npm install (network fetch of npm packages).
[!] Credentials
Metadata declares no required env vars or config paths, but SKILL.md requires an auth token (MCP_HUB_TOKEN) or local token file and mentions OAuth. The skill would reasonably need authentication, but the omission from declared requirements is disproportionate and reduces transparency. The installer scripts also expect Node.js/npm on the host. Requiring local token files and hidden OAuth URLs without declaring them is a red flag.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). The installers create a persistent aiusd-skill directory in the current working directory and install node modules — persistent local installation but not platform-global privilege escalation. No evidence it modifies other skills or global agent configs beyond installing its own files.
Scan Findings in Context
[base64-block] unexpected: A large base64-encoded archive appears in the installer files (and truncated base64 appears in shipped files). Embedded archives are not unusual for self-extracting installers, but this was flagged in SKILL.md pre-scan prompts and increases risk because it results in arbitrary code being written and extracted on install. The presence inside SKILL.md or other documentation is unexpected.
[child_process-exec] expected: The JavaScript installer uses execSync/tar/npm install to extract and install dependencies. For an installer script this is expected, but it means the installer will execute shell commands on the host — a legitimate installer behavior but also a higher-risk operation that should be audited before running.
What to consider before installing
Before installing or running this skill:
(1) Treat it as code: review the full extracted package contents in a safe environment (VM) before running; do not run the installer on a production machine.
(2) Confirm the source and authenticity: the registry lists unknown source and no homepage; prefer official or well-known releases.
(3) Expect the skill to need authentication (MCP_HUB_TOKEN or OAuth) and a local token file; don't place high-value secrets or reusable credentials into it without verifying the code.
(4) Be cautious about running the included installers: they extract embedded archives and run 'npm install' (which downloads third-party packages).
(5) If you need transparency, ask the maintainer to declare required env vars/config paths and provide a reproducible build or Git repo you can inspect.
If you are not comfortable auditing the code, avoid installing or run it only in an isolated VM.

Like a lobster shell, security has layers — review code before you run it.
