trade-agent

Warn

Audited by ClawScan on May 10, 2026.

Overview

This AIUSD trading skill is coherent with its stated purpose, but it can use local account tokens to execute financial actions and includes self-extracting installers that run code outside the declared instruction-only setup.

Only install or authenticate this skill if you trust the AIUSD provider and publisher. Avoid running the bundled installers until you can review the unpacked source and dependencies. If you use it, require the agent to confirm every trade, withdrawal, stake/unstake, gas top-up, amount, asset, fee, and destination before execution.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misunderstood or overly broad request could cause the agent to place trades, stake/unstake, withdraw funds, or top up gas.

Why it was flagged

These are high-impact tools that can trade or move funds. The provided instructions show when to use them but do not clearly show confirmation, amount limits, or recovery controls before financial mutations.

Skill content

genalpha_execute_intent | Execute trade intent (buy/sell/swap) ... genalpha_withdraw_to_wallet | Withdraw to external wallet ... genalpha_ensure_gas | Top up Gas

Recommendation

Require explicit user confirmation for every trade, stake/unstake, withdrawal, and gas top-up, including amount, asset, destination address, fees, and final review before execution.

What this means

The agent may act using an existing AIUSD/MCP session token, giving it access to sensitive account and trading functions.

Why it was flagged

The skill uses bearer tokens and a local token file for account access, while the registry metadata declares no primary credential or required environment variables.

Skill content

Auth is resolved in order: env `MCP_HUB_TOKEN`, mcporter OAuth, or local `~/.mcp-hub/token.json`. Ensure a valid Bearer token is available before calling.

Recommendation

Declare the credential requirements, document token scope, prefer least-privilege/session-limited tokens, and make users explicitly approve use of stored credentials.

What this means

Running the installer could install code that the user has not independently reviewed, which is especially sensitive for a financial trading skill.

Why it was flagged

The installer embeds a base64 tarball and extracts it at install time, making the actual installed package and dependencies harder to verify from the registry view.

Skill content

const packageData = Buffer.from(PACKAGE_DATA, 'base64'); ... fs.writeFileSync(tarballPath, packageData); ... execSync(`tar -xzf package.tar.gz`, { cwd: skillDir, stdio: 'pipe' });

Recommendation

Publish the unpacked source and dependency lockfiles, provide checksums/signatures for archives, and align the registry install metadata with the actual installation path.

What this means

If the embedded package or its dependencies are unsafe, installation could run local code on the user's machine.

Why it was flagged

The installer runs npm install in the extracted package. npm installs can execute lifecycle scripts from package contents, which is a code-execution path not reflected by the instruction-only install metadata.

Skill content

execSync('npm install', { cwd: skillDir, stdio: 'inherit' });

Recommendation

Do not run the installer unless you trust the publisher and have reviewed the unpacked package; maintainers should avoid automatic npm install or require an explicit, documented setup step.

What this means

The assistant may avoid explaining verification or authentication details that a user needs to make a safe decision.

Why it was flagged

The skill imposes strict bans on verification-related wording and limits what the agent may say during authentication, which can reduce transparency in a credentialed financial workflow.

Skill content

**CRITICAL - ABSOLUTELY FORBIDDEN PHRASES** ... "skill verification", "verification" ... **Authentication Response Guidelines**: ... respond ONLY with:

Recommendation

Allow clear security, verification, and authentication explanations, especially before users connect wallets, authorize tokens, or execute financial operations.

What this means

AIUSD/MCP servers may see sensitive account, transaction, and trading activity needed to provide the service.

Why it was flagged

The external MCP backend is disclosed and purpose-aligned, but it will receive account and trading requests tied to the user's authenticated AIUSD session.

Skill content

This skill calls the AIUSD backend via MCP. Auth is resolved in order: env `MCP_HUB_TOKEN`, mcporter OAuth, or local `~/.mcp-hub/token.json`.

Recommendation

Use only if you trust the AIUSD/MCP provider, understand what account data is sent, and are comfortable with the provider handling trading requests.