Skill v1.0.0

ClawScan security

Aevo Trading Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 1:10 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior is broadly consistent with a trading assistant, but registry metadata and documentation disagree about how credentials are supplied/persisted and the skill asks for sensitive signing keys without declaring them — this mismatch warrants caution before installing.
Guidance
This skill appears to be a legitimate AEVO trading assistant, but before installing consider the following:
- Credentials: The skill will need AEVO API keys and signing/private keys for trading. Do NOT paste or upload your wallet private key or signing key unless you fully trust the MCP endpoint and the skill provider. Prefer providing read-only API keys for initial testing. The registry metadata does not declare these env vars; treat that as a red flag and ask the publisher why.
- Persistence: SKILL.md promises in-memory session storage, but README examples show adding credentials to local config or sending them to a hosted MCP (mcp.aevo.xyz). Storing private keys in persistent config or sending them to third-party hosted endpoints increases risk. If you must test, use AEVO testnet keys and minimal privileges.
- Hosted MCP endpoints: If you connect to a hosted MCP (e.g., mcp.aevo.xyz), verify the endpoint's authenticity and TLS certificate, and understand that headers and env vars will transmit secrets to that host. Prefer local MCP servers or ephemeral credentials where possible.
- Confirmation controls: The skill enforces confirmation and risk checks in its instructions, which is good; make sure your client actually enforces those interactive confirmations (do not allow fully autonomous execution without user prompts).
- What would change this assessment: publisher identity and provenance (who published the skill), an explicit declaration of required env vars/primary credential in registry metadata, or code/install artifacts showing how credentials are handled. If you can verify the MCP server package (mcp-aevo-server) source and its integrity, that reduces risk.
Recommendation: Treat this as potentially useful but sensitive. Do not supply real signing or wallet private keys until you validate the MCP server endpoint and publisher; start with testnet/read-only keys and verify behavior.

Review Dimensions

Purpose & Capability
note
The name/description match the runtime instructions: the skill documents MCP tools for market data, portfolio management, order execution, risk checks and options strategies. That functionality legitimately requires API keys and signing keys for trading, which the SKILL.md explains. However, the registry metadata lists no required environment variables or primary credential even though the skill clearly expects API credentials and private signing keys at runtime (via aevo_authenticate or MCP server headers). This metadata/documentation mismatch is noteworthy.
Instruction Scope
ok
SKILL.md instructs the agent to call AEVO MCP tools, run risk checks, require explicit user confirmation for destructive actions, and to store session credentials in memory only. The instructions stay within trading scope and do not direct the agent to read arbitrary local files or exfiltrate unrelated data. One note: the skill says it should 'trigger when the user has AEVO MCP tools connected, even if they don't mention AEVO by name', which may broaden invocation but is consistent with an integration.
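The confirmation requirement described here (and under Guidance above) only protects funds if the client enforces it outside the model's reach, because instructions in SKILL.md can be ignored or overridden by the agent. The following Python is an added illustration, not code from the skill, from ClawHub, or from mcp-aevo-server: a gate that sits between the agent loop and the MCP client, allowlists read-only tools, default-denies unknown tools, and requires a risk check plus an interactive confirmation before any state-changing call, refusing such calls outright in a fully autonomous session. Tool names other than aevo_authenticate and aevo_clear_auth, the argument names size and price, and the notional cap are assumptions for the example.

```python
"""Added example: client-side gate that enforces user confirmation for
state-changing AEVO MCP tool calls, independent of the skill's instructions."""
import re

# Only aevo_authenticate and aevo_clear_auth appear in the review; the other
# name patterns are assumptions and must be matched against the tool list the
# MCP server actually exposes.
READ_ONLY = re.compile(r"^aevo_(get|list|quote|search)_")
STATE_CHANGING = re.compile(r"^aevo_(place|cancel|close|modify|withdraw|transfer)_")
AUTH_TOOLS = {"aevo_authenticate", "aevo_clear_auth"}
# Argument names taken from the credentials the review lists; never written to the audit log.
SECRET_ARGS = {"api_secret", "signing_key_private_key", "wallet_private_key"}


class Denied(Exception):
    """Raised when a call is refused before it reaches the MCP server."""


class ToolGate:
    """Default-deny policy: read-only and auth tools pass through; state-changing
    tools need a risk check and an interactive confirmation; everything else is refused."""

    def __init__(self, confirm, max_notional, autonomous=False):
        self.confirm = confirm            # interactive callable(tool, args) -> bool
        self.max_notional = max_notional  # assumed cap on size * price per order
        self.autonomous = autonomous      # no human in the loop: never allow state changes
        self.audit = []

    def _record(self, tool, args, decision):
        shown = {k: ("<redacted>" if k in SECRET_ARGS else v) for k, v in args.items()}
        self.audit.append((tool, shown, decision))

    def _risk_check(self, args):
        if "size" not in args:
            return True        # cancels and similar carry no notional
        if "price" not in args:
            return False       # require a limit price so the cap can be evaluated
        return float(args["size"]) * float(args["price"]) <= self.max_notional

    def call(self, tool, args, execute):
        """execute(tool, args) is the real MCP client call; it runs only if policy allows."""
        if tool in AUTH_TOOLS or READ_ONLY.match(tool):
            self._record(tool, args, "allowed")
            return execute(tool, args)
        if not STATE_CHANGING.match(tool):
            self._record(tool, args, "denied:unknown-tool")
            raise Denied(f"{tool}: not on the allowlist")
        if self.autonomous:
            self._record(tool, args, "denied:autonomous")
            raise Denied(f"{tool}: state-changing calls need an interactive session")
        if not self._risk_check(args):
            self._record(tool, args, "denied:risk")
            raise Denied(f"{tool}: fails risk check (cap {self.max_notional})")
        if not self.confirm(tool, args):
            self._record(tool, args, "denied:user")
            raise Denied(f"{tool}: user did not confirm")
        self._record(tool, args, "confirmed")
        return execute(tool, args)


if __name__ == "__main__":
    def fake_execute(tool, args):
        return {"tool": tool, "status": "sent"}

    gate = ToolGate(confirm=lambda t, a: input(f"Run {t} {a}? [y/N] ") == "y", max_notional=1000)
    print(gate.call("aevo_get_markets", {}, fake_execute))
```

The decisive property is that the confirmation callback is supplied by the client, not by the model, so an agent cannot talk itself past it; the autonomous flag makes the "no prompts" failure mode an explicit refusal rather than a silent execution.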
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code to write to disk — lowest-risk install profile. README references an external MCP server package (mcp-aevo-server on PyPI) and hosted MCP endpoints; those are external integration points but are not installed by the skill itself.
Credentials
concern
The skill requires sensitive credentials for full functionality (api_key, api_secret, wallet_address, signing_key_private_key, and optionally wallet_private_key), but the published registry metadata declares no required env vars or primary credential. The README shows examples of adding credentials to local MCP client config or sending them as headers to hosted MCP endpoints (https://mcp.aevo.xyz/mcp), which would persist or transmit sensitive keys outside the current session. Requiring signing/private keys (which can move funds) is proportionate to a trading purpose, but that requirement, and the fact that it is currently visible only in the README, should be explicitly declared in registry metadata and usage guidance.
Persistence & Privilege
note
SKILL.md states session credentials are stored in memory only and can be cleared with aevo_clear_auth (good practice). However, README examples recommend placing credentials into local client config or environment variables, or sending them as headers to a hosted MCP endpoint; those options persist sensitive data on disk or transmit it off-host. The skill itself does not request permanent presence (always is false) and does not modify other skills, which is appropriate.
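The Credentials and Persistence & Privilege findings above, and the Persistence and Hosted MCP endpoints items under Guidance, reduce to one question: where do the keys end up once the README's examples are followed? The following Python is an added example, not part of the ClawScan output, the skill, or mcp-aevo-server. It reads an MCP client config in the JSON mcpServers shape common MCP clients use and flags credential-bearing env vars and headers, escalating any secret that is sent as a header to a non-local URL. The sample config, the env var and header names, and the command name are constructed assumptions; the credential names and the hosted URL are the ones the review cites.

```python
"""Added check: scan an MCP client config for AEVO credentials that would be
persisted on disk or sent as headers to a hosted MCP endpoint."""
import json
from urllib.parse import urlparse

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify(key):
    """Map an env var or header name to a severity, or None if it is not a credential.
    Names are normalised so AEVO_SIGNING_KEY_PRIVATE_KEY and X-Signing-Key-Private-Key both match."""
    k = key.lower().replace("-", "_")
    if "private_key" in k or k.endswith("secret"):
        return "high"        # can sign orders or move funds
    if k.endswith("api_key") or k.endswith("wallet_address"):
        return "low"         # identifying, but cannot sign on its own
    return None


def scan_mcp_config(config):
    """Return (severity, server, location, key, detail) for every credential found.
    A secret placed in the headers of a non-local URL is escalated because it leaves the host."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        url = server.get("url")
        hosted = plaintext = False
        if url:
            parsed = urlparse(url)
            hosted = (parsed.hostname or "").lower() not in LOCAL_HOSTS
            plaintext = parsed.scheme != "https"
        for location in ("env", "headers"):
            for key in server.get(location, {}):
                sev = classify(key)
                if sev is None:
                    continue
                if location == "headers" and hosted:
                    detail = f"sent to hosted endpoint {url}"
                    if plaintext:
                        detail += " without TLS"
                    if sev == "high":
                        sev = "critical"
                else:
                    detail = "persisted in local client config"
                findings.append((sev, name, location, key, detail))
    return findings


def worst(findings):
    """Highest severity present, or None when the config carries no credentials."""
    order = ["low", "high", "critical"]
    return max((f[0] for f in findings), key=order.index, default=None)


# Constructed sample, not copied from the README: one local server fed secrets
# through env vars, one hosted server fed the same secrets through headers.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "aevo-local": {
      "command": "mcp-aevo-server",
      "env": {"AEVO_API_KEY": "ak_redacted", "AEVO_SIGNING_KEY_PRIVATE_KEY": "0xredacted"}
    },
    "aevo-hosted": {
      "url": "https://mcp.aevo.xyz/mcp",
      "headers": {"X-Api-Key": "ak_redacted", "X-Wallet-Private-Key": "0xredacted"}
    }
  }
}
""")

if __name__ == "__main__":
    for sev, server, loc, key, detail in scan_mcp_config(SAMPLE_CONFIG):
        print(f"[{sev}] {server}.{loc}.{key}: {detail}")
    print("worst:", worst(scan_mcp_config(SAMPLE_CONFIG)))
```

Run it against the real client config (for example by replacing SAMPLE_CONFIG with json.load on that file) before connecting the skill: anything reported as critical is a signing or wallet key that will be transmitted to a third-party host on every session, which is exactly the case the verdict warns about.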