Skills
skills/aicoincom/coinos-skills/aicoin-trading/Gen Agent Trust Hub

aicoin-trading

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/trade.mjs uses execSync to execute commands by concatenating user-supplied arguments into a shell string. Although it attempts to wrap arguments in single quotes, this implementation is susceptible to command injection if arguments contain malicious shell characters.
  • [COMMAND_EXECUTION]: scripts/exchange.mjs automatically executes npm install to download and install dependencies at runtime if the ccxt package is missing, which involves executing arbitrary code from a remote registry.
  • [DATA_EXFILTRATION]: The skill accesses and reads sensitive .env files from multiple locations, including the user's home directory (~/.openclaw/workspace/.env and ~/.openclaw/.env), to harvest exchange API keys and secrets.
  • [COMMAND_EXECUTION]: The skill includes scripts/auto-trade.mjs which uses an internal environment flag (AICOIN_INTERNAL_CALL) to bypass the mandatory manual confirmation step defined in the SKILL.md safety rules, allowing for automated trade execution without user oversight.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external code (the ccxt library) from the public NPM registry during execution if it is not already present in the local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 8, 2026, 10:29 AM