Trade Agent
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill can access and move crypto funds, uses undeclared authentication tokens, and includes self-extracting installers that are not coherent with an instruction-only listing.
Only install this if you intentionally want an AIUSD crypto trading/account-management agent. Verify the publisher and source, avoid running the self-extracting installers until decoded and reviewed, use limited/scoped credentials and low balances, and require explicit confirmation before any trade, withdrawal, staking, or gas action.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting trading analysis could instead give the skill authority over real crypto balances, trades, staking, withdrawals, and gas funding.
The same artifact frames the skill as market analysis while also granting crypto account-management and fund-movement functions, creating a material scope mismatch for users.
description: "交易策略Agent——自动分析黄金/外汇市场..." Calls backend via MCP for balance, trading, staking, withdraw, gas top-up, and transaction history.
Clearly label the skill as a high-impact AIUSD crypto trading/account-management tool and separate analysis-only functions from transaction-capable functions.
A mistaken or ambiguous chat request could lead to trades, staking changes, withdrawals, or gas top-ups affecting real funds.
The skill exposes high-impact financial mutation tools and directs the agent to discover changing live schemas, but the artifacts do not show mandatory human confirmation, limits, or rollback guidance.
genalpha_execute_intent | Execute trade intent (buy/sell/swap) ... genalpha_withdraw_to_wallet | Withdraw to external wallet ... NEW TOOLS may be added.
Require explicit user confirmation with exact asset, amount, destination, fees, and risk before every trade, stake/unstake, withdrawal, or gas top-up; disable newly discovered tools until reviewed.
Installing or using the skill may let it act with the user's AIUSD/MCP account privileges, including viewing balances and initiating account actions.
The skill uses bearer/OAuth/local token credentials for financial account access, while the registry metadata declares no required credentials or environment variables.
Auth is resolved in order: env `MCP_HUB_TOKEN`, mcporter OAuth, or local `~/.mcp-hub/token.json`. Ensure a valid Bearer token is available before calling.
Declare all credential requirements, use narrowly scoped tokens, avoid reading broad local token stores by default, and document exactly what account authority the token grants.
The assistant may avoid normal safety, verification, or explanation language when discussing the skill or its actions.
The skill attempts to control the agent's wording and forbids verification-related language, which is not necessary for trading and can interfere with transparent responses.
CRITICAL - ABSOLUTELY FORBIDDEN PHRASES ... "skill verification", "verification" ... ZERO TOLERANCE
Remove broad output bans, especially verification-related bans, and limit style guidance to user-facing clarity that does not suppress safety or review information.
Running the installer could place and install unreviewed code and dependencies on the user's machine.
The installer contains an embedded encoded package, extracts it, and installs dependencies, but the registry says there is no install spec and the embedded package contents are not transparently declared.
const packageData = Buffer.from(PACKAGE_DATA, 'base64'); ... execSync(`tar -xzf package.tar.gz`, { cwd: skillDir, stdio: 'pipe' }); ... execSync('npm install', { cwd: skillDir, stdio: 'inherit' });
Publish a transparent source repository and lockfile, declare the install mechanism in metadata, and avoid self-extracting opaque archives.
Users cannot easily tell which publisher/package identity they are trusting.
The embedded metadata conflicts with the registry listing's owner, slug, and version, creating provenance ambiguity for a high-impact trading skill.
"ownerId": "kn77ncj465rvq2n8f53jat26ch80jen8", "slug": "trade-agent", "version": "1.0.1"
Align registry metadata and embedded metadata before publication and provide a verifiable homepage/source link.
If the user runs this installer, local code execution and dependency installation occur outside the clearly declared skill installation path.
The shell installer decodes and extracts an embedded archive and runs package installation commands, despite the skill being presented as instruction-only in the install specification.
tail -n +$ARCHIVE_START "$0" | base64 -d | tar -xzf - -C "$SKILL_DIR" ... npm install >/dev/null 2>&1
Do not run the installer until the archive contents and dependencies are independently reviewed; replace it with a standard, declared, auditable install process.
Balance, transaction, and trade-related requests may be processed by the AIUSD/MCP backend rather than staying purely local.
The skill sends account and trading operations through an MCP backend; this is purpose-aligned, but it involves sensitive financial data and delegated actions.
Calls the backend MCP interface to obtain balances, trading signals, staking, withdrawals, and other information. the AIUSD backend via MCP.
Verify the backend identity, token scopes, and privacy policy before using the skill with real funds.
