Aidex

Warn: Audited by ClawScan on May 13, 2026.

Overview

Aidex appears to do what it says, but it can use a stored Ethereum private key to automatically approve and execute real on-chain token swaps.

Install only if you are comfortable letting an agent sign Ethereum transactions from a configured wallet. Use a fresh low-balance wallet, review each quote and approval before execution, monitor transactions on-chain, and remove or rotate the private key if you stop using the skill.

Publisher note

Dear ClawHub Team,

We are leaving this note to address the automated security flags assigned to the AIDEX skill. We fully respect your commitment to platform safety. At the same time, we would like to provide some context.

Your automated scanner evaluates our Web3 tool through the lens of traditional Web2 architecture, which means that several standard, intentional mechanics of decentralized finance are currently being flagged as vulnerabilities. For example, the scanner highlights the fact that our skill signs transactions locally as a privilege abuse risk. We view this differently. In our experience, this is simply the correct architectural approach for a DeFi application. AIDEX does not require users to create third-party accounts or trust external services with their assets. All transaction decisions and fund management operations occur directly on the user's own machine. This principle of self-custody — where the user maintains full control of their private keys — is the standard, secure foundation for interacting with the blockchain.

Regarding the scanner's request for hard-coded confirmation gates: a decentralized swap tool must be able to execute operations autonomously. Adding blocking prompts directly into the script would break the automated AI-driven scenarios this tool was designed for, such as scheduled dollar-cost averaging or conditional trading. Instead, user confirmations are handled appropriately at the AI Agent level.

As for the flagged npm dependencies, we use standard, widely audited libraries like ethers to securely sign transactions, along with a reliable tool to interact with the operating system's native credential manager.

We built this first version of AIDEX as an accessible entry point into the emerging field of AI-driven trading. We believe that the combination of our local-first architecture and the transparent best practices outlined in our security policy provides a balanced, secure environment for users to start. By following our main recommendation — using a dedicated trading wallet with limited funds — users can safely gain experience and experiment with automated trading strategies.

The AI DeFi ecosystem is evolving rapidly. While we kindly ask you to reconsider how automated checks are applied to decentralized tools, our team is already working on the next generation of more advanced instruments. Until then, we believe our current architecture and security guidelines offer a reliable, user-centered experience.

Best regards,
Andrey Almiashev
AIDEX CEO

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-broad agent invocation could approve token spending or execute a swap with real wallet funds.

Why it was flagged

The skill documentation describes automatic signing and submission of transaction chains, including token approvals. That is purpose-aligned for a swap tool, but it is a high-impact action, and the artifacts do not show a mandatory user confirmation or an enforced spending limit before irreversible on-chain execution.

Skill content

Executes a full swap cycle. The API builds a chain of transactions (approve + swap if needed), the script signs them locally and sends them. Approve is handled automatically
Recommendation

Use explicit per-swap confirmation, show the quote/recipient/allowance before signing, and enforce token and amount limits. Until then, use only a dedicated low-balance trading wallet.

What this means

If the configured wallet contains significant funds, any misuse, compromise, or unintended invocation could result in irreversible loss or unwanted trades.

Why it was flagged

The code reads a raw Ethereum private key from an environment variable or OS keyring and constructs an ethers Wallet. This gives the skill direct signing authority for the wallet, not just access to a narrowly scoped service token.

Skill content

const fromEnv = normalizePrivateKey(process.env.AIDEX_PRIVATE_KEY); ... const entry = new Entry("aidex", "AIDEX_PRIVATE_KEY"); ... return new Wallet(privateKey);
Recommendation

Do not use a main wallet. Create a dedicated trading wallet with limited funds, monitor approvals, revoke unused allowances, and remove the stored key when not actively using the skill.

What this means

Installing the skill dependencies adds local package code that participates in signing and credential access.

Why it was flagged

The skill depends on third-party npm packages, including an optional native keyring library. These dependencies are expected for local Ethereum signing and credential storage and are pinned, but installing them still downloads and runs third-party code.

Skill content

"dependencies": { "ethers": "6.16.0" }, "optionalDependencies": { "@napi-rs/keyring": "1.2.0" }
Recommendation

Run npm install only from the skill directory, keep the skill updated through trusted channels, and review dependency provenance if your environment has strict security requirements.