v0.1.0

Axelrod

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.

Analysis

This skill matches its stated crypto-trading purpose, but it gives an agent high-impact trading authority using under-declared credentials and may execute small trades or automated strategies without a guaranteed confirmation step.

GuidanceInstall only if you intentionally want an agent to access AIxVC and trade on Base chain. Use low-balance or least-privilege credentials, verify every trade and automated strategy manually, understand that some small trades may execute without a confirmKey, and keep the Python dependency install isolated.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

Trading Operations ... Spot Buy/Sell/Swap ... DCA ... Limit/Trigger Orders ... RSI Strategy ... Take-Profit / Stop-Loss ... Orders usually require risk-control confirmation; small orders (approximately ≤ $10) may skip confirmation.

The skill exposes financial trading and automated order execution through natural-language prompts, and its own instructions state that some small orders may bypass the confirmation flow.

User impactA user or agent mistake could create real crypto trades or automated orders, potentially causing financial loss.

RecommendationOnly install if you intend to let the agent trade on your behalf; require explicit user approval before any trade or strategy, start with very small amounts, and verify every confirmKey/action before proceeding.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

README.md

It supports spot buy/sell/swap, DCA, limit/trigger orders, RSI strategies, token analysis, balance and price queries, order management, and take-profit/stop-loss orders

DCA, trigger, RSI, and TP/SL orders can continue affecting the account after the initial prompt, but the artifacts do not document clear duration, cancellation, or exposure limits.

User impactAutomated strategies could continue trading later if configured incorrectly or misunderstood.

RecommendationBefore enabling automated strategies, confirm the exact size, duration, trigger conditions, cancellation method, and maximum loss/exposure.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

requirements.txt

requests>=2.25.0

The dependency is version-ranged rather than exactly pinned. This is common and purpose-aligned, but users should be aware because the skill handles trading credentials.

User impactFuture dependency versions could differ from the reviewed environment.

RecommendationPin dependencies or install in an isolated environment, especially because the skill uses trading credentials.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

"AIXVC_ACCESS_KEY": "your_access_key", "AIXVC_SECRET_KEY": "your_secret_key"

The skill requires service credentials that authorize access to AIxVC trading/account functions, while the registry metadata declares no required environment variables and no primary credential.

User impactInstalling users may not be clearly warned by metadata that they are granting credentialed account/trading access.

RecommendationDeclare AIXVC credentials in metadata, use least-privilege keys if available, rotate keys regularly, and avoid granting keys tied to large balances.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusNote

scripts/axelrod_chat.py

OPENAPI_ENDPOINT = "https://api.aixvc.io/gw" ... req_body = _json_compact({"message": args.message}) ... requests.post(url, data=body_json, headers=headers, timeout=TIMEOUT_SECONDS)

The CLI sends the user's natural-language trading or portfolio request to an external AIxVC gateway and returns its response; this is disclosed and central to the skill, but it is a sensitive external data flow.

User impactThe external provider can receive trading instructions and may return account, balance, order, or transaction information.

RecommendationUse only if you trust AIxVC with these requests; avoid including unnecessary private information in prompts and review provider account permissions.