Skill v1.0.0

ClawScan security

aiusd-pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 16, 2026, 2:39 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally coherent for a Node-based trading CLI, but it instructs the agent to fetch and execute an unverified npm package via npx (no homepage/source provided), which creates significant supply‑chain and privacy risk before you can trust it.
Guidance
This skill functions by invoking 'npx -y aiusd-pro', which downloads and runs an npm package at runtime — a significant supply-chain risk. Before installing or using it: verify the npm package and its source repository/homepage, review the package code (or prefer a vetted binary), avoid providing private keys or wallet seeds, run the CLI in a sandboxed environment if possible, and confirm what the backend will do with your account/session data. If you cannot verify the package origin, treat it as untrusted and do not use it for real trading or with any real funds.

Review Dimensions

Purpose & Capability
note: Name/description (AI trading CLI) aligns with requiring node and using a CLI. However the package provenance is missing (no homepage/source) and the registry owner is unknown — for a financial/trading tool that matters for trust.
Instruction Scope
concern: Runtime instructions tell the agent to run npx -y aiusd-pro commands, always relay stdout 'as-is' including a browser link, and run long-running background tasks. This delegates trading decisions and execution to a remote backend and asks the agent to expose returned links and outputs verbatim — increasing chance of leaking sensitive data or following untrusted links.
Install Mechanism
concern: There is no install spec, but the SKILL.md explicitly uses npx -y aiusd-pro, which downloads and executes code from the npm registry at runtime. That is a high-risk dynamic install (supply-chain/execution of unvetted code), especially given no homepage or repo to audit.
Credentials
note: The skill declares no required environment variables or credentials, which is proportionate on its face. But a trading tool will likely require browser-based authentication or wallet connections at runtime — the instructions rely on a login flow (browser + session_id) without clarifying what credentials or keys may be exposed to the backend.
Persistence & Privilege
ok: always:false and no install/write steps are declared. The skill does not request persistent system privileges. It can run autonomously (platform default), which increases blast radius but is not by itself a disqualifying issue.