xaut-trade
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
This crypto-trading skill discloses what it does, but it can sign and submit real on-chain transactions, and its default policy lets small trades execute without a blocking confirmation.
Install only if you want an AI agent to help operate a real crypto wallet. Use a dedicated low-balance wallet, require explicit confirmation for every on-chain write, verify setup scripts and remote installers before running them, and disable or review delegated trading skills you do not intend to use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A small trade can spend funds and gas if the agent interprets the user's request as executable, even if the user expected a final confirmation step.
The skill's default policy explicitly allows a real on-chain swap below the configured threshold to proceed after a preview without waiting for a fresh user confirmation.
- `< risk.confirm_trade_usd`: show full preview, then execute without blocking confirmation
If you install it, require explicit confirmation for every approve, swap, and cancel action: set `confirm_trade_usd` to 0 and `approve_confirmation_mode` to `always`.
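The gate described above, as an added example that is not code from the xaut-trade skill or from ClawScan. It models the two policy knobs the finding quotes, `confirm_trade_usd` and `approve_confirmation_mode`; the `Policy` dataclass, the 25 USD default threshold, the mode values `threshold` and `always`, the action names and every function name are assumptions for illustration. The point it shows is why the recommended threshold of 0 matters: a 0 USD cancel or a 10 USD swap slips under any positive threshold, and a failed price lookup must not be treated as "small".

```python
# Added example (not code from the xaut-trade skill or ClawScan): a confirmation gate built
# around the two policy knobs the finding quotes, confirm_trade_usd and approve_confirmation_mode.
# The Policy dataclass, the 25 USD default threshold, the mode values "threshold"/"always",
# the action names and every function here are assumptions for illustration.
import math
from dataclasses import dataclass
from typing import Callable, Optional

# Every action that ends in a signed transaction; anything else is treated as unknown.
ON_CHAIN_WRITES = frozenset({"approve", "swap", "limit_order", "cancel"})


@dataclass(frozen=True)
class Policy:
    confirm_trade_usd: float        # trades strictly below this value skip the blocking prompt
    approve_confirmation_mode: str  # "threshold" (assumed default) or "always"


# Assumed shape of a permissive default: a small swap previews, then executes unprompted.
DEFAULT_POLICY = Policy(confirm_trade_usd=25.0, approve_confirmation_mode="threshold")
# The report's recommendation: nothing counts as "small", and approvals are always confirmed.
HARDENED_POLICY = Policy(confirm_trade_usd=0.0, approve_confirmation_mode="always")


def requires_confirmation(action: str, usd_value: Optional[float], policy: Policy) -> bool:
    """True when a blocking user confirmation must precede `action`.

    Fails closed: an unknown action, a missing or non-finite USD value (the price
    lookup failed), or a negative value all require confirmation regardless of policy.
    """
    if action not in ON_CHAIN_WRITES:
        return True
    if action == "approve" and policy.approve_confirmation_mode == "always":
        return True
    if usd_value is None or not math.isfinite(usd_value) or usd_value < 0:
        return True
    # A threshold of 0 makes this comparison false for every value, including a 0 USD cancel.
    return not usd_value < policy.confirm_trade_usd


def dispatch(action: str, usd_value: Optional[float], policy: Policy,
             ask_user: Callable[[str], bool], execute: Callable[[str], str]) -> str:
    """Preview, gate, then execute. Returns what happened so the caller can log it."""
    preview = f"{action} worth {usd_value if usd_value is not None else 'unknown'} USD"
    if requires_confirmation(action, usd_value, policy):
        if not ask_user(f"Confirm {preview}? [y/N]"):
            return "aborted: user declined"
        return "executed after confirmation: " + execute(action)
    return "executed without confirmation: " + execute(action)
```

Under `DEFAULT_POLICY` a 10 USD swap and a 0 USD cancel both run with no prompt, which is exactly the behaviour the finding flags; under `HARDENED_POLICY` every on-chain write waits for the user, and `ask_user` returning False aborts before anything is signed.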
If configured with a funded wallet, the skill can authorize blockchain approvals, swaps, limit orders, and cancellations involving real assets.
The skill clearly discloses that wallet access and signing authority are central to its operation.
**By design**: this skill executes on-chain financial transactions ... Direct wallet access and transaction signing are core capabilities
Use a dedicated low-balance wallet, keep seed phrases out of chat, protect password files, and review every transaction before allowing execution.
Running the installer gives remote setup code access to the local machine.
The Foundry setup path pipes a remote installer straight into a shell. This is disclosed and only applies to Foundry mode, but it places full trust in whatever the upstream URL serves at install time, with no chance to read the script first.
curl -L https://foundry.paradigm.xyz | bash && ... foundryup
Prefer WDK mode if you do not need Foundry, or download and inspect the Foundry installer before running it.
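The download-then-inspect alternative the recommendation asks for, as an added example that is not the skill's own install code. It stages the installer to disk, prints a SHA-256 for you to record after reading the script, and refuses to execute the file unless its digest still matches that pin. The URL handling, function names and the `offline_demo` fixture are assumptions; no real Foundry installer hash is claimed, and the demo uses a constructed two-line script instead of a download.

```python
# Added example (not the skill's own install code): stage a remote installer to disk, print its
# SHA-256 for review, and execute only a file whose digest matches a hash you pinned after reading
# it. This replaces `curl -L https://foundry.paradigm.xyz | bash`. The expected digest is
# something you record yourself; no real Foundry installer hash is claimed here.
import hashlib
import hmac
import os
import stat
import subprocess
import tempfile
import urllib.request
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large installers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_installer(url: str, dest: Path) -> str:
    """Download to `dest` without executing anything and return its digest for review.

    Not exercised by the offline demo below; it is the step that replaces the pipe to bash.
    """
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS installer URL")
    with urllib.request.urlopen(url, timeout=30) as resp, open(dest, "wb") as out:
        out.write(resp.read())
    os.chmod(dest, stat.S_IRUSR | stat.S_IWUSR)  # owner-only, so nothing swaps it under you
    return sha256_file(dest)


def digest_matches(path: Path, expected_sha256: str) -> bool:
    """Constant-time compare of the file's digest against the pinned value."""
    return hmac.compare_digest(sha256_file(path), expected_sha256.strip().lower())


def run_pinned_installer(path: Path, expected_sha256: str, interpreter: str = "bash") -> int:
    """Execute `path` only if its digest matches the pin; raise instead of running on mismatch."""
    path = Path(path)
    if path.is_symlink() or not path.is_file():
        raise FileNotFoundError(f"{path} is not a regular file")
    if not digest_matches(path, expected_sha256):
        raise PermissionError(f"digest mismatch for {path}: not executing")
    return subprocess.run([interpreter, str(path)], check=False).returncode


def offline_demo() -> dict:
    """Constructed stand-in for a downloaded installer: the pinned case and the tampered case."""
    work = Path(tempfile.mkdtemp())
    installer = work / "installer.sh"
    installer.write_text("#!/bin/sh\nexit 7\n")        # constructed sample; exits 7 if it runs
    pinned = sha256_file(installer)                       # what you would record after review
    results = {"pinned_run_exit": run_pinned_installer(installer, pinned, interpreter="sh")}
    installer.write_text("#!/bin/sh\nexit 0\n")        # simulate upstream changing the script
    try:
        run_pinned_installer(installer, pinned, interpreter="sh")
        results["tampered_ran"] = True
    except PermissionError:
        results["tampered_ran"] = False
    results["tampered_matches_pin"] = digest_matches(installer, pinned)
    return results
```

In real use the sequence is `stage_installer(url, dest)`, read `dest`, record the printed digest, then `run_pinned_installer(dest, recorded_digest)`; the pin is what turns "trust the URL forever" into "trust the bytes I reviewed once".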
If the resolved path is not the installed skill's script, the agent could run unintended local shell code.
The automated setup instructions can locate and execute a setup.sh from the user's home directory; this is intended setup behavior, but the path should be verified before execution.
find "$HOME" -maxdepth 6 -type f -path "*/xaut-trade/scripts/setup.sh" ... && bash "$SETUP_PATH"
Have the agent print the resolved setup path first, confirm it is inside the installed xaut-trade skill directory, and inspect the script before running it.
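The path check the recommendation describes, as an added example that is not the skill's own setup code. It mirrors the quoted `find "$HOME" -maxdepth 6 -type f -path "*/xaut-trade/scripts/setup.sh"` search, then refuses to hand back a path unless exactly one candidate exists, it is a regular file rather than a symlink, and it resolves to the `scripts/setup.sh` inside the skill directory you pass in. The skill directory is a parameter, so no install location is assumed; the `build_demo_tree` home directory (one real install, one decoy copy, one symlink, one match nested too deep) is constructed for the demo.

```python
# Added example (not the skill's own setup code): locate the setup.sh the install spec searches
# for with `find "$HOME" -maxdepth 6 -type f -path "*/xaut-trade/scripts/setup.sh"`, then refuse
# to run it unless exactly one candidate exists, it is a regular file rather than a symlink, and
# its real path is the setup script inside the skill directory you expect. The skill directory is
# a parameter; no install location is assumed, and the demo tree below is constructed.
import os
import tempfile
from pathlib import Path
from typing import List, Optional

SETUP_SUFFIX = ("xaut-trade", "scripts", "setup.sh")


def find_candidates(search_root: Path, maxdepth: int = 6) -> List[Path]:
    """Mirror the find invocation: regular files (no symlinks) at most `maxdepth` below root."""
    root = Path(search_root)
    base = len(root.parts)
    hits: List[Path] = []
    for dirpath, dirnames, filenames in os.walk(root):
        depth = len(Path(dirpath).parts) - base  # files in this directory sit at depth + 1
        if depth + 1 >= maxdepth:
            dirnames[:] = []  # anything in a subdirectory would exceed -maxdepth
        if "setup.sh" in filenames:
            p = Path(dirpath, "setup.sh")
            if p.parts[-3:] == SETUP_SUFFIX and p.is_file() and not p.is_symlink():
                hits.append(p)
    return sorted(hits)


def verify_setup_path(candidate: Path, skill_dir: Path) -> Optional[str]:
    """None if `candidate` is exactly <skill_dir>/scripts/setup.sh; otherwise the rejection reason."""
    c = Path(candidate)
    if c.is_symlink():
        return "symlink"
    if not c.is_file():
        return "not a regular file"
    expected = Path(skill_dir).resolve() / "scripts" / "setup.sh"
    if c.resolve() != expected:
        return f"outside the installed skill: {c} resolves to {c.resolve()}, expected {expected}"
    return None


def resolve_setup_script(search_root: Path, skill_dir: Path) -> Path:
    """The one path an agent may execute; raises rather than guessing when matches are ambiguous."""
    cands = find_candidates(search_root)
    if len(cands) != 1:
        raise LookupError(f"expected exactly one setup.sh, found {len(cands)}: {cands}")
    reason = verify_setup_path(cands[0], skill_dir)
    if reason:
        raise PermissionError(f"refusing {cands[0]}: {reason}")
    return cands[0]


def build_demo_tree() -> dict:
    """Constructed home directory: one real install, one decoy, one symlink, one too deep."""
    home = Path(tempfile.mkdtemp())
    skill_dir = home / "skills" / "xaut-trade"  # assumed install location for the demo only
    good = skill_dir / "scripts" / "setup.sh"
    decoy = home / "Downloads" / "xaut-trade" / "scripts" / "setup.sh"
    link = home / "tmp" / "xaut-trade" / "scripts" / "setup.sh"
    deep = home / "a" / "b" / "c" / "d" / "xaut-trade" / "scripts" / "setup.sh"
    for p in (good, decoy, deep):
        p.parent.mkdir(parents=True)
        p.write_text("#!/bin/sh\necho constructed\n")
    link.parent.mkdir(parents=True)
    os.symlink(decoy, link)
    return {"home": home, "skill_dir": skill_dir, "good": good,
            "decoy": decoy, "link": link, "deep": deep}
```

With both the real install and the decoy present, `resolve_setup_script` raises instead of picking one, which is the behaviour you want from an agent that was told to "find and run setup.sh"; once the decoy is gone it returns only the script under the expected skill directory.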
Requests about betting, perps, leverage, or other markets may be handed to separate skills with their own permissions and risks.
The skill may route non-XAUT financial intents to other skills, expanding the effective trust boundary beyond this package.
Delegates non-XAUT intents to registered skills (e.g. Polymarket prediction markets, Hyperliquid trading).
Verify which delegate skills are installed and ensure they also require explicit confirmation before any financial action.
