UnifAI Trading Suite
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: unifai-trading-suite
Version: 1.0.0
The skill bundle is classified as suspicious because of two high-risk capabilities: the `execute_trade` action in `src/toolkits/trading_toolkit.py` (currently a placeholder) and the `web3` dependency used for on-chain analysis. Both fit the stated purpose of an AI trading agent, but if fully implemented and exposed without stringent safeguards they could initiate financial transactions or blockchain interactions. In addition, the FastAPI server in `src/api/server.py` configures CORS with `allow_origins=['*']`, which lets scripts from any origin call the API; this is common in development but is a broad permission for a service that may sit in front of trading credentials. There is no clear evidence of intentional malicious behavior such as data exfiltration or persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured UnifAI/account credentials can place trades, an agent may have access to financial actions beyond simple market analysis.
The project documentation says the UnifAI integration can expose order-placement tools, but the supplied skill instructions do not show explicit user approval, trade-size limits, or a read-only tool allowlist.
Polymarket tools are available through UnifAI SDK with full trading capabilities ... limitOrderBuy/Sell ... marketOrderBuy/Sell
Use read-only or least-privilege credentials, remove or block order-placement tools by default, and require explicit user confirmation with clear amounts before any trade.
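The recommendation above (read-only allowlist, order-placement tools blocked by default, explicit confirmation with clear amounts and a size cap) can be enforced in the agent host rather than left to documentation. The following is an added example for this review, not code from the unifai-trading-suite skill, the UnifAI SDK, or ClawScan. The tool names limitOrderBuy/Sell and marketOrderBuy/Sell are the ones quoted in the finding; the read-only tool names, the call shape `{"name": ..., "arguments": {...}}`, and the argument names `market`, `size` and `price` are assumptions.

```python
"""Deny-by-default gating for dynamically discovered agent tools.

Added example for this review; it is not code from the unifai-trading-suite
skill, the UnifAI SDK, or ClawScan. limitOrderBuy/Sell and marketOrderBuy/Sell
are the trading tool names quoted in the finding; the read-only tool names,
the call shape and the argument names (market, size, price) are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable

# Trading-capable tool names quoted in the finding. The regex is an assumption
# so that any *OrderBuy / *OrderSell variant is treated as order placement.
ORDER_PLACEMENT = re.compile(r"(limit|market)Order(Buy|Sell)$", re.IGNORECASE)

# Read-only tools the analysis workflow needs: an explicit allowlist; anything
# not listed is refused. These names are illustrative, not the SDK's real ones.
READ_ONLY_ALLOWLIST = frozenset({"getMarkets", "getOrderBook", "getPrice", "searchMarkets"})


def expose_tools(discovered: list[str], allow_trading: bool = False) -> list[str]:
    """Filter a dynamically discovered tool list before handing it to the model.

    Order-placement tools are dropped unless the operator enabled trading, and
    unknown tools are always dropped, so the model never sees them at all.
    """
    exposed = []
    for name in discovered:
        if name in READ_ONLY_ALLOWLIST:
            exposed.append(name)
        elif allow_trading and ORDER_PLACEMENT.search(name):
            exposed.append(name)
    return exposed


def deny_by_default(prompt: str) -> bool:
    """Confirmation hook used when no interactive confirmer is wired in."""
    return False


@dataclass
class TradeGate:
    """Second line of defence: authorize every call, even for tools the model can see."""

    allow_trading: bool = False            # off unless the operator turns it on
    max_notional_usd: float = 0.0          # hard per-order cap, checked before asking the user
    confirm: Callable[[str], bool] = deny_by_default  # user-confirmation hook (default denies)
    audit: list[str] = field(default_factory=list)

    def authorize(self, call: dict) -> tuple[bool, str]:
        name = call.get("name", "")
        args = call.get("arguments") or {}
        allowed, reason = self._decide(name, args)
        self.audit.append(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
        return allowed, reason

    def _decide(self, name: str, args: dict) -> tuple[bool, str]:
        if name in READ_ONLY_ALLOWLIST:
            return True, "read-only tool"
        if not ORDER_PLACEMENT.search(name):
            return False, f"{name!r} is not on the read-only allowlist"
        if not self.allow_trading:
            return False, "order-placement tools are blocked by default"
        try:
            size = float(args["size"])
            price = float(args["price"])
        except (KeyError, TypeError, ValueError):
            return False, "order is missing a numeric size or price"
        notional = size * price
        if notional <= 0:
            return False, "order notional must be positive"
        if notional > self.max_notional_usd:
            return False, f"notional ${notional:.2f} exceeds cap ${self.max_notional_usd:.2f}"
        # The user sees the exact amounts before anything is sent to the venue.
        prompt = (f"Place {name} on market {args.get('market', '?')}: "
                  f"size {size:g} at {price:g} (notional ${notional:.2f}). Confirm?")
        if not self.confirm(prompt):
            return False, "user did not confirm"
        return True, f"user confirmed notional ${notional:.2f}"


if __name__ == "__main__":
    # Constructed tool list standing in for a UnifAI discovery response.
    discovered = ["getMarkets", "limitOrderBuy", "marketOrderSell", "deleteAccount"]
    print(expose_tools(discovered))
    gate = TradeGate(allow_trading=True, max_notional_usd=50.0,
                     confirm=lambda p: input(p + " [y/N] ").lower() == "y")
    print(gate.authorize({"name": "marketOrderBuy",
                          "arguments": {"market": "m1", "size": 10, "price": 0.4}}))
```

The two layers are deliberate: `expose_tools` keeps order-placement tools out of the model's tool list in the default configuration, and `TradeGate` re-checks each call so that a tool the model was never shown, or a prompt-injected call, still cannot place an order without the cap and the user's confirmation.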
A user may trust the skill as analysis-only even though the broader package describes capabilities that could affect real trading accounts.
This read-only assurance conflicts with other included documentation describing trade execution and full Polymarket trading capabilities, which could cause users to underestimate the risk of granting credentials.
This tool is read-only; trading requires platform authentication
Update the skill documentation to accurately separate read-only commands from any trading-capable code, and disclose when credentials can enable order placement.
Users may provide the wrong key or a broader-privilege key than needed for read-only analysis.
Provider API keys are expected for UnifAI/Gemini use, but the registry metadata declares no required env vars and scripts check UNIFAI_AGENT_API_KEY instead, creating an unclear credential contract.
requires":{"env":["UNIFAI_API_KEY","GOOGLE_API_KEY"]},"primaryEnv":"UNIFAI_API_KEY"
Declare the exact required environment variables in registry metadata and documentation, and specify the minimum permissions each key needs.
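The mismatch described in this finding (metadata naming one set of variables while scripts read another) is easy to detect mechanically. Below is an added example for this review, not code from the skill, its registry, or ClawScan: it parses a metadata document of the `{"requires": {"env": [...]}}` shape quoted above, scans Python sources for `os.environ` / `os.getenv` reads, and reports variables read but not declared (flagging secret-looking names) as well as declared variables nothing reads. The metadata string and file contents are constructed to reproduce the situation the finding describes.

```python
"""Cross-check a skill's declared env vars against what its scripts read.

Added example for this review; not code from the skill, its registry, or
ClawScan. The metadata shape {"requires": {"env": [...]}} follows the fragment
quoted in the finding; the file contents below are constructed inputs.
"""
import json
import re

# Common ways Python code reads environment variables.
ENV_READ_PATTERNS = (
    re.compile(r"""os\.environ\[\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*\]"""),
    re.compile(r"""os\.environ\.get\(\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]"""),
    re.compile(r"""os\.getenv\(\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]"""),
)
# Names that usually carry credentials; undeclared reads of these matter most.
SECRET_HINT = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)$", re.IGNORECASE)


def env_vars_read(source: str) -> set[str]:
    """Return every environment variable name the source text reads."""
    names: set[str] = set()
    for pattern in ENV_READ_PATTERNS:
        names.update(pattern.findall(source))
    return names


def declared_env(metadata_json: str) -> set[str]:
    """Return the env vars the registry metadata declares as required."""
    meta = json.loads(metadata_json)
    return set(meta.get("requires", {}).get("env", []))


def audit_env_contract(metadata_json: str, sources: dict[str, str]) -> dict:
    """Compare declared env vars with the ones actually read in `sources`.

    `sources` maps a file path to its text. Undeclared reads are reported with
    the files that perform them; declared-but-unused names usually mean the
    documentation and the code have drifted apart.
    """
    declared = declared_env(metadata_json)
    read_by: dict[str, list[str]] = {}
    for path, text in sources.items():
        for name in env_vars_read(text):
            read_by.setdefault(name, []).append(path)
    undeclared = {n: sorted(p) for n, p in read_by.items() if n not in declared}
    return {
        "undeclared": undeclared,
        "undeclared_secrets": sorted(n for n in undeclared if SECRET_HINT.search(n)),
        "declared_but_unused": sorted(declared - set(read_by)),
    }


# Constructed inputs modelled on the finding: the metadata names UNIFAI_API_KEY
# and GOOGLE_API_KEY, while a script actually reads UNIFAI_AGENT_API_KEY.
CONSTRUCTED_METADATA = (
    '{"name":"unifai-trading-suite",'
    '"requires":{"env":["UNIFAI_API_KEY","GOOGLE_API_KEY"]},'
    '"primaryEnv":"UNIFAI_API_KEY"}'
)
CONSTRUCTED_SOURCES = {
    "scripts/run_agent.py": (
        "import os\n\n"
        'key = os.environ["UNIFAI_AGENT_API_KEY"]\n'
        'gemini = os.getenv("GOOGLE_API_KEY")\n'
    ),
    "src/api/server.py": (
        "import os\n\n"
        "port = int(os.environ.get('PORT', '8000'))\n"
    ),
}


if __name__ == "__main__":
    print(json.dumps(audit_env_contract(CONSTRUCTED_METADATA, CONSTRUCTED_SOURCES), indent=2))
```

Run against a real skill checkout, `sources` would be built from the repository's `.py` files; a non-empty `undeclared_secrets` list is the condition this finding describes, and is a reasonable thing to fail a registry publish step on.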
Market questions, token topics, or other user-provided text may be sent to external services during analysis.
The skill is designed to send queries through UnifAI and LLM/tool-provider flows; this is purpose-aligned, but the provided user-facing docs do not detail data boundaries or provider handling.
UnifAI Integration: Dynamic tool discovery and agent-to-agent communication
Avoid entering sensitive personal or account information, and review UnifAI/Google data-handling terms before use.
