The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Hardcoded API credentials (accessKeyId and accessSecret) are present in lib/defaults.json. Although labeled as a 'public free-tier' for vendor services, hardcoding secrets remains an unsafe practice.
[EXTERNAL_DOWNLOADS]: The script scripts/exchange.mjs automatically executes npm install --omit=dev if the ccxt library is missing. This behavior performs unverified downloads and installation of external code from the NPM registry at runtime.
[COMMAND_EXECUTION]: Multiple scripts, including scripts/trade.mjs, scripts/auto-trade.mjs, and scripts/exchange.mjs, utilize execSync or execFileSync to execute shell commands or other Node.js scripts. This pattern introduces risk if input parameters are manipulated to execute arbitrary commands.
[PROMPT_INJECTION]: SKILL.md explicitly mandates a two-step confirmation process for all trades. However, scripts/auto-trade.mjs implements an AICOIN_INTERNAL_CALL environment variable that bypasses these safety checks. This creates an attack surface where an indirect prompt injection could influence the agent to trigger automated trades without the required user confirmation.
[DATA_EXFILTRATION]: lib/aicoin-api.mjs and scripts/api-key-info.mjs search for and load .env files from several filesystem locations, including the user's home directory (~/.openclaw/.env). This broad search increases the risk of exposing sensitive environment variables from unrelated applications.

aicoin-trading