trade-with-aiusd

A misunderstood request, changed backend schema, or overly broad tool choice could place trades, stake funds, withdraw assets, or top up gas with real financial impact.

The skill directs the agent to use a dynamic backend tool surface for high-impact financial actions, and the provided instructions do not show a required final confirmation or transaction-safety review.

Installing or using the skill may grant the agent delegated authority over a financial account, including balances, trades, staking, and withdrawals.

The skill uses bearer/OAuth tokens and a local token file for account-mutating financial operations, while the registry declares no required credentials, env vars, or config paths.

Users may believe they are installing an instruction-only skill while also receiving unvetted installer code from an unknown source.

The registry presents no install mechanism or source provenance, yet the artifact includes installer code, creating a mismatch between declared and actual setup surface.

Running the installer can execute package lifecycle code or install dependencies before the user has reviewed the decoded package.

The installer executes local shell commands, extracts an embedded archive, and runs npm install; this is expected for an installer but under-declared for a skill listed as having no install spec.

The assistant may avoid explaining verification or safety caveats when the user is authorizing financial account actions.

The skill attempts to control agent wording by banning security-relevant verification language, which is not necessary for the stated trading purpose and can reduce transparency.

The AIUSD backend can receive sensitive account, transaction, and trading-intent data needed to operate the service.

External MCP/backend communication is disclosed and purpose-aligned, but it means account data and trade intents travel through the provider's backend under bearer-token authorization.