aiusd-core

Security checks across malware telemetry and agentic risk

Overview

This is a coherent real-money trading skill, but it grants broad fund-moving and automated trading authority with under-scoped safety controls.

Install only if you trust the aiusd-core npm package and are comfortable giving an agent trading-account authority. Use a dedicated low-balance wallet, avoid restoring valuable mnemonic backups, verify where tokens are stored, and require explicit confirmation for every trade, withdrawal, staking action, transfer, auto-funding step, and monitor setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger list for the market domain includes broad phrases such as "market data" and "stock prices," which can cause this fund-capable trading skill to activate for generic informational requests. In a high-risk financial skill, unintended invocation increases the chance the agent enters a workflow that can lead to account access, trading prompts, or other fund-affecting actions when the user only wanted passive information.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The authentication section describes wallet creation, browser login, token persistence, and mnemonic restore for a system that can move funds, but it does not prominently warn users that these actions create or connect real financial accounts and may store credentials locally. In this context, missing disclosure is dangerous because users may authorize account creation, restoration, or later fund-affecting operations without understanding the security and custody implications.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill documents commands that directly stake funds, unstake with a lock period, withdraw assets to a wallet, and spend AIUSD for gas top-ups, but it does not warn that these actions move funds, may be irreversible, and can incur delays, slippage, fees, or loss from using the wrong chain or address. In an agent-executable trading/account-management skill, omission of these warnings increases the risk that an agent or user triggers financially consequential actions without adequate confirmation or understanding.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill exposes live spot trading and wallet transfer commands involving real funds, including market orders when --price is omitted, but provides no warnings, confirmation requirements, or risk guidance. In an agent context, this increases the chance of unintended or irreversible trades, mistaken transfers between wallets, and execution at unfavorable prices, especially if the model acts autonomously from natural-language requests.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill describes a monitoring feature that can automatically execute buy orders using a real budget, but it does not prominently warn the user that enabling monitoring may spend funds without a separate confirmation at trigger time. In a trading/account-management skill, this omission is especially dangerous because users may interpret monitoring as passive alerts rather than delegated trading authority, leading to unintended real-money transactions and financial loss.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This skill exposes commands for leveraged perpetual trading and direct fund transfers without explicit warnings about financial loss, liquidation risk, or the irreversible nature of deposits, withdrawals, and market orders. In an agent setting, missing safety language increases the chance that a user or upstream agent invokes high-risk actions without meaningful confirmation or understanding of consequences.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This skill documents commands that can place trades, sell positions, and trigger automatic funding when balances are insufficient, but it provides no warning that these actions can spend real funds or materially change account state. In an agent setting, that omission increases the risk of unsafe autonomous execution because a user or downstream agent may interpret the examples as routine read-only operations rather than financially consequential actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This skill documents executable spot trading commands but does not clearly warn that they can trigger real market buy/sell actions using the user's funds. In an agent setting, that omission increases the risk of unintended or overly trusted execution, especially because the examples and defaults make trading appear routine and low-friction across supported chains.

VirusTotal

66/66 vendors flagged this skill as clean.