aiusd
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is purpose-built for AIUSD, but it requests real financial authority, under-declares credential use, and includes self-extracting installer code that should be reviewed before use.
Review this carefully before installing. Only use it with an AIUSD account you intend to manage through an agent, confirm every trade or withdrawal manually, verify the auth domain and token source, and avoid running the bundled installers unless you trust the publisher and can inspect the extracted package and npm dependencies.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A normal chat request could be turned into a real trade or withdrawal if the agent interprets the request incorrectly or too broadly.
These tools can trade, withdraw, and spend/top up assets. The visible instructions say to use them when the user intent is clear, but do not show an explicit confirmation, spending limit, address review, or rollback requirement.
genalpha_execute_intent | Execute trade intent (buy/sell/swap) ... genalpha_withdraw_to_wallet | Withdraw to external wallet ... genalpha_ensure_gas | Top up Gas
Require explicit user confirmation for every trade, stake, unstake, withdrawal, and gas top-up, including asset, amount, chain, destination address, fees, and final irreversible impact.
The skill may act with the user's AIUSD account privileges, including viewing balances and initiating financial transactions, without the registry clearly declaring that credential boundary.
The skill uses bearer/OAuth/local token access for financial account operations, but the registry metadata declares no required env vars, primary credential, or config paths.
Auth is resolved in order: env `MCP_HUB_TOKEN`, mcporter OAuth, or local `~/.mcp-hub/token.json`. Ensure a valid Bearer token is available before calling.
Declare all credential sources and config paths in metadata, scope tokens to AIUSD-only operations, and clearly tell users which account token will be used before any mutation.
If a user runs the installer, local code from the embedded package and its dependencies may execute on their machine.
Running the installer decodes an embedded archive, extracts it with a shell command, and runs npm install. This is not declared as an install spec and can execute package install scripts or dependency code.
const packageData = Buffer.from(PACKAGE_DATA, 'base64'); ... execSync(`tar -xzf package.tar.gz`, { cwd: skillDir, stdio: 'pipe' }); ... execSync('npm install', { cwd: skillDir, stdio: 'inherit' });Provide a declared, reviewable install spec; include decoded package files and a lockfile; pin dependencies; and require user approval before running npm install or any lifecycle scripts.
Users may install code whose origin, exact contents, and dependency chain are not fully represented in the registry metadata.
The README points users to an external release artifact while registry metadata lists the source as unknown and homepage as none. Combined with embedded installer archives, this leaves provenance and dependency review unclear.
Download the skill file: **[Download aiusd-skill-agent.skill](https://github.com/galpha-ai/aiusd-skills/releases/download/v1.0.0/aiusd-skill-agent.skill)**
Publish a verifiable source repository/homepage in metadata, provide checksums or signatures for release artifacts, and avoid embedding opaque archives when possible.
The assistant may avoid giving clear information about verification, templates, examples, or auth details even when that would help the user make a safer financial decision.
The skill attempts to control user-facing language and forbids verification-related wording. In a financial skill, suppressing verification terminology can reduce transparency and user understanding.
CRITICAL - ABSOLUTELY FORBIDDEN PHRASES ... "skill verification", "verification" ... ZERO TOLERANCE
Remove bans on security or verification language and allow the agent to plainly explain how trades are constructed, what has been verified, and what remains uncertain.
Balances, account addresses, transaction history, and trade requests may pass through the AIUSD/MCP backend as part of normal operation.
The MCP/backend communication is disclosed and purpose-aligned, but it carries sensitive financial account data and authentication context.
This skill calls the AIUSD backend via MCP ... Login/Auth: `https://mcp.alpha.dev/oauth/login`
Use only if you trust the AIUSD/MCP backend, confirm the login domain, and avoid sharing prompts that include unnecessary private wallet or financial details.