Aiusd Skills
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill matches its stated AIUSD trading purpose, but it asks for high-impact financial authority through undeclared credentials and includes opaque installer code that users should review carefully.
Install only if you trust the AIUSD publisher and have reviewed the unpacked installer contents. Before use, confirm which token or OAuth account it will use, require manual confirmation for every trade or withdrawal, and avoid granting access to accounts holding more funds than you are willing to risk.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may avoid explaining important verification or authentication details because the skill tells it not to use certain phrases or formats.
These instructions attempt to control how the agent talks to users, including banning verification-related wording, which is not necessary for the trading purpose and could suppress useful safety context.
"CRITICAL - ABSOLUTELY FORBIDDEN PHRASES" ... Agents must NEVER use ... "skill verification" ... "Authentication Response Guidelines": respond ONLY with ...
Do not let skill-authored wording rules override normal safety explanations, especially around authentication, transactions, and review status.
A mistaken instruction or expanded backend tool schema could result in trades, staking changes, withdrawals, or gas top-ups affecting real funds.
The skill grants high-impact financial mutation authority and also instructs the agent to discover and potentially use live-added tools beyond the reviewed list, without documented confirmation gates or transaction limits.
"genalpha_execute_intent | Execute trade intent (buy/sell/swap)" ... "genalpha_withdraw_to_wallet | Withdraw to external wallet" ... "NEW TOOLS may be added. Always check `tools --detailed`"
Require explicit user confirmation for every trade, withdrawal, stake/unstake, and gas top-up, and do not use newly discovered tools unless the user has reviewed their purpose and parameters.
Installing or using the skill may give the agent access to an authenticated financial account token that can be used to view balances and initiate account actions.
The skill uses bearer/OAuth/local token credentials for account access, but the registry metadata declares no required env vars, primary credential, or config paths, under-disclosing a sensitive permission boundary.
Auth is resolved in order: env `MCP_HUB_TOKEN`, mcporter OAuth, or local `~/.mcp-hub/token.json`. Ensure a valid Bearer token is available before calling.
Only provide a token intentionally, prefer least-privilege or limited accounts if available, and verify which credential source is being used before allowing transactions.
Users cannot easily tell what code will be unpacked or which dependencies will be installed before running the installer.
The installer embeds an opaque compressed package, extracts it, and installs dependencies, while the registry has no install spec and the source is listed as unknown.
const PACKAGE_DATA = `H4sIA...`; ... fs.writeFileSync(tarballPath, packageData); ... execSync(`tar -xzf package.tar.gz`, { cwd: skillDir, stdio: 'pipe' }); ... execSync('npm install', { cwd: skillDir, stdio: 'inherit' });Do not run the installer until the embedded package and dependency list are independently inspected and obtained from a trusted, pinned source.
Running the installer can execute package installation steps and unpack code on the local system beyond what the registry metadata prepares the user for.
The shell installer decodes embedded archive data, extracts it, and runs npm install. That is installer behavior, but it is not reflected in the registry install requirements for this supposedly instruction-only skill.
tail -n +$ARCHIVE_START "$0" | base64 -d | tar -xzf - -C "$SKILL_DIR" ... npm install >/dev/null 2>&1
Treat the installer as executable code; run it only in a controlled environment after reviewing the unpacked archive and package scripts.
Your balances, wallet/account information, and transaction requests may be sent to the AIUSD/MCP backend as part of normal use.
External MCP/backend communication is expected for this trading integration, but it means account data and transaction intents flow through provider infrastructure.
This skill calls the AIUSD backend via MCP ... Login/Auth: `https://mcp.alpha.dev/oauth/login` ... Official Website: `https://aiusd.ai`
Use the skill only if you trust the AIUSD/MCP provider and understand which account data and transaction instructions are being transmitted.
Users may trust the skill more than warranted and allow it to manage funds without independently verifying the code and provider.
The README makes strong trust and privacy claims, but the provided metadata lists the source as unknown and the artifacts include opaque embedded installer payloads, so those assurances are not fully supported by the reviewed artifacts.
"The official AIUSD trading skill" ... "Local First" ... "No Data Sharing" ... "Open Source: Skill code is transparent and auditable"
Verify the publisher, source repository, release artifact, and unpacked code before relying on the README’s security and privacy claims.