Aevo Trading Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate AEVO trading helper, but it can ask for private trading keys and perform real leveraged exchange actions under broad activation rules.
Install only if you intentionally want an AI agent to access and potentially trade your AEVO account. Start with testnet or read-only keys, verify the MCP server/package, confirm mainnet versus testnet before any order, do not share a wallet private key unless truly required, and require explicit confirmation for every trade, leverage change, strategy, or cancellation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A general crypto or derivatives conversation could be steered into AEVO account onboarding or credential prompts before the user clearly asked to trade on AEVO.
The activation criteria are broader than explicit AEVO trading/account requests, and mandatory onboarding can start an authentication flow.
Use this skill whenever the user mentions AEVO, asks about crypto derivatives or perpetual futures trading... Also trigger when the user has AEVO MCP tools connected, even if they don't mention AEVO by name. ... Always call `aevo_onboard` first at the start of every session.
Only invoke the skill when the user explicitly wants AEVO analysis, account access, or trading; do not provide credentials during unrelated market discussions.
If these secrets are mishandled or sent to an untrusted MCP server, they could enable unauthorized trading or account actions.
These credentials grant high-impact account and signing authority, including an optional wallet private key that is broader than a normal exchange API key.
Tier 2 -- Full trading access: `api_key` + `api_secret` + `wallet_address` + `signing_key_private_key`... Optional: `wallet_private_key` ... enables `aevo_register_account`.
Prefer read-only API keys or testnet first, avoid providing a wallet private key unless absolutely necessary, verify the MCP server is official, and clear credentials after use.
Approved tool calls can place orders, cancel orders, update leverage, or execute multi-leg strategies that may lose money.
Full trading authority is expected for this skill's purpose, and the skill includes confirmation/risk-check rules, but the capability is financially high impact.
45 MCP tools that give you full read and write access to the AEVO exchange
Review every order, leverage change, cancellation, and strategy leg before confirming; use small sizes or testnet while validating the setup.
Security depends on the external MCP package or hosted AEVO service behaving as documented.
The runtime implementation is an external package or hosted endpoint; it is user-directed and purpose-aligned, but not included for code review.
"command": "uvx", "args": ["mcp-aevo-server"] ... "url": "https://mcp.aevo.xyz/mcp"
Verify the package/source, consider pinning a trusted version, and prefer the official testnet endpoint before using real funds.
Your AEVO credentials may be transmitted to and handled by the configured MCP endpoint.
Credentials may be passed through a hosted MCP service boundary, which is disclosed and purpose-aligned but sensitive.
"headers": { "AEVO-KEY": "your-api-key", "AEVO-SECRET": "your-api-secret" } ... Authenticate via `AEVO-KEY` and `AEVO-SECRET` headers, or call `aevo_authenticate` after connecting.Use only trusted endpoints over HTTPS, avoid sending more credentials than needed, and use scoped/read-only keys where possible.