aicoin-trading

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/trade.mjs is vulnerable to shell command injection. It constructs a shell command using execSync by mapping command-line arguments into a string with insufficient escaping (only wrapping in single quotes). An attacker or malicious input could break out of the quotes to execute arbitrary system commands.
  • [COMMAND_EXECUTION]: The skill documentation (SKILL.md) defines a strict 'Iron Rule' prohibiting automatic trade confirmation, yet the scripts/auto-trade.mjs utility explicitly bypasses this safety mechanism by hardcoding confirmed: 'true' and setting an environment variable (AICOIN_INTERNAL_CALL: '1') that disables the two-step verification process in the underlying trading engine.
  • [REMOTE_CODE_EXECUTION]: The file scripts/exchange.mjs contains logic to automatically run npm install if the ccxt package is not found. This allows for the execution of remote code downloaded from the NPM registry during the skill's runtime execution.
  • [CREDENTIALS_UNSAFE]: The file lib/defaults.json contains a hardcoded accessKeyId and accessSecret for the AiCoin API. While described as a public free tier, hardcoding secrets in skill files is a violation of security best practices.
  • [CREDENTIALS_UNSAFE]: Multiple scripts (lib/aicoin-api.mjs, scripts/api-key-info.mjs) proactively scan and read sensitive .env files from hardcoded paths in the user's home directory (e.g., ~/.openclaw/workspace/.env), potentially exposing local credentials to the agent context.
  • [EXTERNAL_DOWNLOADS]: The skill performs unauthorized external downloads via npm install within scripts/exchange.mjs to fetch dependencies at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 04:44 AM