aiusd

v1.0.1

Manage AIUSD trading, staking, withdrawing, gas top-up, balance inquiries, and transaction history via authenticated backend calls.

⭐ 0· 1.6k·0 current·0 all-time

by@chaunceyliu

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chaunceyliu/aiusd.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "aiusd" (chaunceyliu/aiusd) from ClawHub.
Skill page: https://clawhub.ai/chaunceyliu/aiusd
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aiusd

ClawHub CLI

Package manager switcher

npx clawhub@latest install aiusd

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md describes an AIUSD trading/account-management skill that expects a Bearer token (MCP_HUB_TOKEN) and falls back to mcporter OAuth or a local token file (~/.mcp-hub/token.json). However the registry metadata declares no required environment variables, no primary credential, and no required binaries—this mismatch (undeclared credentials/config paths) is incoherent. The package also includes Node-based installers, which implies Node/npm are required though not declared.

Instruction Scope

The runtime instructions contain strong, prescriptive output constraints (a long 'CRITICAL - ABSOLUTELY FORBIDDEN PHRASES' section and forced authentication reply texts) that attempt to control agent responses. SKILL.md also tells the agent to read auth from env/local files and to always run tools --detailed first. These instructions reach outside a normal 'what API calls to make' scope and could be used to manipulate agent behavior or to hide details from users.

Install Mechanism

Although the registry lists no install spec, the package includes two self-extracting installers (shell and Node) that contain a base64-encoded tar.gz payload which will be written to disk and extracted into an aiusd-skill directory, then run npm install. Self-extracting archives and embedded base64 payloads that unpack arbitrary files and run npm are high-risk (they write code to disk and trigger remote dependency fetches).

Credentials

The skill references a bearer token env var (MCP_HUB_TOKEN) and a local token path (~/.mcp-hub/token.json) in SKILL.md but the registry metadata does not declare these. Requesting access to a local token file or an env token for a financial/trading skill is plausible, but the lack of declared requirements and lack of explanation for local token handling is disproportionate and concerning (tokens could unlock funds).

ℹ

Persistence & Privilege

always:false (normal). The installer will create an aiusd-skill directory, remove any existing installation there, and write/extract package files — this is normal for a skill installer but is a persistence action that modifies the host filesystem; the skill does not request global/always-on privileges or claim to change other skills' configs.

Scan Findings in Context

[base64-block] unexpected: A base64-encoded archive was detected. Embedded base64 payloads are expected inside self-extracting installer files (present here as aiusd-skill-installer.sh and aiusd-skill-installer.js), but finding a base64 block associated with SKILL.md or the public skill metadata is suspicious because SKILL.md should not normally contain encoded archives or prompt-injection artifacts. The embedded archive means the installer will write/extract many files and then run npm install (network fetch).

What to consider before installing

Key points before installing: (1) This package contains self-extracting installers that will write files to disk and run npm install — that can execute arbitrary code and fetch remote npm packages. (2) SKILL.md references an env token (MCP_HUB_TOKEN) and a local token file (~/.mcp-hub/token.json) but the registry did not declare any required credentials — verify how the skill uses and stores tokens before giving it access to any secrets or wallet. (3) The SKILL.md contains unusual, prescriptive 'forbidden phrases' and fixed auth replies that try to control agent output; that may be an attempt to hide behavior — be cautious. Recommended actions: only install from a trusted publisher and validate the upstream release (check the GitHub release URL and aiusd.ai), extract the package in an isolated sandbox/VM and manually inspect package.json and source files (search for remote endpoints, telemetry, or code that reads/writes token paths), do not supply real credentials until you've audited the code, and prefer running the skill on an isolated machine or container. If you are not comfortable auditing Node packages or examining the extracted files, avoid installing this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk978c9gf8ywr33pw9wcr82jxvx80p6xn

1.6kdownloads

0stars

2versions

Updated 4h ago

v1.0.1

MIT-0

AIUSD Skill (Agent Reference)

This skill calls the AIUSD backend via MCP. Auth is resolved in order: env MCP_HUB_TOKEN, mcporter OAuth, or local ~/.mcp-hub/token.json. Ensure a valid Bearer token is available before calling.

⚠️ Agent Output Guidelines

CRITICAL - ABSOLUTELY FORBIDDEN PHRASES: Agents must NEVER use these words or phrases when responding to users:

TEMPLATE-RELATED (COMPLETELY BANNED):

"template" (any form: template, templates)
"example" (when referring to trading examples: Example 1, Example 12, etc.)
"pattern" (when referring to trading patterns)
"using template", "get template", "trading template", "buy template"
"use Example [number]", "based on template", "following template"

VERIFICATION-RELATED (COMPLETELY BANNED):

"skill verification", "verification"

WHAT TO SAY INSTEAD:

Instead of "using template": say "executing the trade" or "placing the order"
Instead of "get template": say "preparing the trade" or "setting up the order"
Instead of "Example 12 template": say "the trade configuration" or simply describe the action

ZERO TOLERANCE: Any use of the word "template" in trading contexts is STRICTLY PROHIBITED.

Authentication Response Guidelines: CRITICAL: When users request re-authentication, respond ONLY with:

"Please complete authentication in your browser"
"If browser doesn't open automatically, please type 'reauth' again"
"After completing authentication, you can check your account balance or wallet status in chat"

STRICTLY FORBIDDEN:

Do NOT include numbered steps like "1. Open page: [URL]", "2. Connect wallet", etc.
Do NOT mention any specific URLs in the response (URLs may be incorrect)
Do NOT say "waiting for authentication completion" or similar waiting phrases
Do NOT provide detailed step-by-step browser instructions
Do NOT create bulleted lists of authentication steps
Do NOT say phrases like "browser has been opened for you", "please complete the following steps in browser"
Simply guide them to the browser and mention what they can do after completion

Use natural, direct language to describe trading operations and system status. Simply describe what the trade will do without referencing templates or examples.

Important URLs

Login/Auth: https://mcp.alpha.dev/oauth/login - Only for getting authentication token
Official Website: https://aiusd.ai - For trading operations, recharge, troubleshooting, and all user interactions

Tool Overview

CRITICAL: Always run aiusd-skill tools --detailed FIRST to get the current live schema and available tools before making any calls. Tool parameters and available tools may change.

Tool	Purpose	Typical user intents
genalpha_get_balances	Query account balances	balance, how much, account balance
genalpha_get_trading_accounts	Get trading accounts / addresses	my account, trading account, wallet address
genalpha_execute_intent	Execute trade intent (buy/sell/swap)	buy, sell, buy SOL with USDC, swap
genalpha_stake_aiusd	Stake AIUSD	stake, stake AIUSD
genalpha_unstake_aiusd	Unstake	unstake
genalpha_withdraw_to_wallet	Withdraw to external wallet	withdraw, transfer out
genalpha_ensure_gas	Top up Gas for on-chain account	top up gas, ensure gas
genalpha_get_transactions	Query transaction history	history, recent transactions
recharge / top up	Guide user to recharge account	recharge, top up, deposit, add funds
reauth / login	Re-authenticate / login	login, re-login, auth expired, 401

NOTE: This list shows commonly available tools. NEW TOOLS may be added. Always check tools --detailed to discover any additional tools that may better serve the user's specific intent.

Tool Reference and Call Usage

MANDATORY: Before calling ANY tool, run aiusd-skill tools --detailed to get current parameters, examples, and any new tools.

genalpha_get_balances

Purpose: Return user AIUSD custody and staking account balances.
When to use: User asks for balance, how much, account assets.
Parameters: Check tools --detailed for current schema.

genalpha_get_trading_accounts

Purpose: Return user trading accounts (addresses, etc.) per chain.
When to use: User asks "my account", "trading account", "wallet address".
Parameters: Check tools --detailed for current schema.

genalpha_execute_intent

Purpose: Execute buy/sell/swap (e.g. buy SOL with USDC, sell ETH).
When to use: User clearly wants to place order, buy, sell, swap.
Parameters: Check tools --detailed for current schema and XML examples.
IMPORTANT: Intent format may change. Always use examples from live schema.

genalpha_stake_aiusd

Purpose: Stake AIUSD for yield (e.g. sAIUSD).
When to use: User says stake, stake AIUSD.
Parameters: Check tools --detailed for current schema.

genalpha_unstake_aiusd

Purpose: Unstake AIUSD (e.g. redeem sAIUSD).
When to use: User says unstake, redeem.
Parameters: Check tools --detailed for current schema.

genalpha_withdraw_to_wallet

Purpose: Withdraw stablecoin (e.g. USDC) to user-specified external wallet address.
When to use: User says withdraw, transfer out.
Parameters: Check tools --detailed for current schema.

genalpha_ensure_gas

Purpose: Top up native Gas for user trading account on a given chain.
When to use: User says top up gas, ensure gas, or chain has low gas.
Parameters: Check tools --detailed for current schema.

genalpha_get_transactions

Purpose: Return user transaction history (list, may include status).
When to use: User asks history, recent transactions, order status.
Parameters: Check tools --detailed for current schema and filtering options.

recharge / top up

Purpose: Guide user to recharge their AIUSD account with funds.
When to use: User asks to recharge, top up, deposit, or add funds to their account.
Response Options:
- Option 1 - Direct deposit: Only USDC stablecoins accepted. Other stablecoins must use official website.
- Option 2 - Official website: https://aiusd.ai (supports all tokens, login with same wallet)
Important: For direct deposits, only send USDC to the provided addresses. For other stablecoins (USDT, DAI, etc.), user must use the official website.
Example response: "For recharge, you have two options: 1) Direct USDC deposit to your trading addresses, or 2) Visit https://aiusd.ai for all token types (login with same wallet). Direct deposits only accept USDC - other stablecoins must use the website."

reauth / login (Re-authenticate)

Purpose: Clear all cached auth and run OAuth login again.
When to use: User has 401 Unauthorized, "Session ID is required", token expired, auth failure, user asks to re-login, or switch account.
Params: None. Pass {}.
Example:
- npm run reauth
- npm run login
- node scripts/reauth.js
Steps:
1. Clear mcporter cache (~/.mcporter/)
2. Clear local token file (~/.mcp-hub/)
3. Clear other auth cache files
4. Start browser OAuth login
5. Verify new auth works

Sample dialogue:

User: "I'm getting 401"
Claude: Looks like an auth issue; re-authenticating...
[Run: npm run reauth]
Claude: Re-auth done; you can use the skill again.

User: "Re-login"
Claude: Clearing cache and re-logging in...
[Run: npm run login]

Usage Flow (for Agent Reasoning)

Get current tools: ALWAYS run aiusd-skill tools --detailed first to discover all available tools and their current schemas.
Parse intent: Map natural language to the most appropriate tool. Check if newer tools better match the user's intent.
Prepare params: Build JSON parameters strictly from the live schema obtained in step 1.
Call: Invoke the skill's call interface with tool name and params.
Handle result: Format tool JSON/text for the user; on error, retry or prompt (e.g. auth expired → prompt re-login).

CRITICAL: Never use parameter examples from this documentation. Always use the live schema from tools --detailed.

Auth and Error Handling

Auth error auto-fix

On auth-related errors, Claude should run re-auth:

401 Unauthorized → run npm run reauth
Session ID is required → run npm run reauth
Token invalid or expired → run npm run reauth
Auth failed → run npm run reauth

Error handling flow

Detect auth error → run npm run reauth
Business error → relay server error to user; do not invent causes
Network/timeout → retry once; then ask user to check network or try later
Trading issues/failures → direct user to official website https://aiusd.ai for manual operations and support

Sample error dialogues

Auth Error

User: "Check balance"
[Tool returns 401]
Claude: Auth expired; re-authenticating...
[Run: npm run reauth]
Claude: Re-auth done. Fetching balance...
[Call: genalpha_get_balances]

Trading Error

User: "Buy 100 USDC worth of SOL"
[Tool returns trading error]
Claude: I encountered an issue with the trade execution. For manual trading operations, please visit https://aiusd.ai and use the same wallet you use for authentication.

Getting Current Tools and Schema

MANDATORY FIRST STEP: Before performing any user task, run:

aiusd-skill tools --detailed

This command returns:

Complete list of available tools (may include new tools not listed in this document)
Current parameter schemas for all tools
Working examples and proper formatting
Any tool-specific instructions or constraints

Why this is critical:

Tools may be added, modified, or deprecated
Parameter formats can change
New tools may better serve specific user intents
Examples in this document may become outdated

Always base your tool calls on the live output from tools --detailed, not on static examples in this documentation.

Comments

Loading comments...