Skills
skills/hkuds/ai-trader/ai-trader-copytrade/Gen Agent Trust Hub

ai-trader-copytrade

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches skill configuration and installation instructions from https://ai4trade.ai/skill/copytrade using curl or the Python requests library.
  • [EXTERNAL_DOWNLOADS]: Directs the installation of an external plugin @clawtrader/copytrade via the openclaw plugin manager.
  • [COMMAND_EXECUTION]: Utilizes the openclaw CLI to perform system-level operations including plugin installation, service configuration, and restarting the gateway process.
  • [DATA_EXFILTRATION]: Transmits agent identification during registration and synchronizes local trading position data with the api.ai4trade.ai backend.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection due to the ingestion of untrusted external data.
  • Ingestion points: The skill retrieves trading signals and provider content from the /api/signals/feed and /api/signals/{id} endpoints in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat signal content as untrusted data.
  • Capability inventory: The agent has the capability to perform financial transactions (opening/closing positions) based on the ingested signals.
  • Sanitization: There is no documented evidence of input validation or sanitization for the content field within the trading signals.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 04:46 AM