aiusd-pro
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill delegates financial account actions and trading to an unreviewed npm/backend agent with unclear permission, approval, and data-retention boundaries.
Treat this as a high-risk financial integration. Do not use it with real funds until you verify the npm package source and version, understand the AIUSD login permissions, and require explicit confirmation of every transaction detail before allowing any trade or position change.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A changed, compromised, or impersonated npm package could run locally and act in the context of the user's trading session.
The user's agent is instructed to download and execute an npm package at runtime, but the submitted artifact set contains no package code, pinned version, source URL, or provenance. Because this package is used for trading and account operations, the supply-chain gap is material.
All commands in this skill use `npx -y aiusd-pro` as the CLI prefix. This works without any global installation — npx resolves the package from npm automatically.
Verify the npm package publisher, source repository, and version before use; prefer a pinned, reviewed version and avoid running it for real funds until provenance is established.
Misinterpretation, backend error, or prompt/context confusion could lead to unintended trades, staking, leverage, or other financial actions.
The skill delegates tool choice and financial execution to a backend agent. The artifacts do not require the local agent to independently verify exact trade details or obtain explicit confirmation before every transaction.
Backend agent operations take 10-300 seconds (tool calls, reasoning, trading, transaction confirmation). ... Backend agent handles all domain knowledge, tool selection, and multi-step reasoning.
Before any transaction, require a clear user confirmation that includes asset, amount, venue, leverage, fees, slippage, and account; do not treat backend confirmation behavior as sufficient on its own.
Users may authorize account access capable of viewing balances or placing trades without understanding the permission scope.
The skill requires authenticated account access, but the registry metadata declares no primary credential or env vars and the instructions do not specify what account permissions the login grants or how they are limited.
If `npx -y aiusd-pro send` fails with auth error, run login: ... `npx -y aiusd-pro login --browser` ... `npx -y aiusd-pro login --poll-session <session_id>`
Confirm what permissions the AIUSD login grants, use the least-privileged account/session possible, and revoke access after testing if the scope is unclear.
Sensitive financial instructions and account context may be processed by a backend service whose boundaries are not clear from the submitted artifacts.
User requests about balances, trades, and positions are sent to an external backend AI agent, but the artifacts do not describe the backend identity, API boundary, permissions, or data handling controls.
Chat with AIUSD using natural language. This skill delegates to a backend AI agent
Review AIUSD's service documentation and privacy/security terms before sending sensitive account information or live trading instructions.
Prior messages containing sensitive financial details could persist and affect future decisions or remain available longer than expected.
The backend stores and reuses prior conversation context, but the artifacts do not define retention duration, cross-session boundaries, deletion behavior, or safeguards against stale/poisoned context influencing later trading requests.
Session context is maintained automatically across `send` calls. The backend agent remembers all previous messages in the session.
Use `session reset` for fresh tasks, avoid sharing unnecessary sensitive information, and verify retention/deletion behavior before using live accounts.
