Nautilus Trader
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent trading helper, but it asks for a Hyperliquid private key and includes mainnet leverage/live-trading actions without clear safeguards.
Only install or use this skill if you are intentionally building or deploying trading systems. Treat it as capable of affecting real funds: use testnet or paper trading first, keep private keys out of shared project files, use a dedicated low-balance account, pin and review dependencies, and require explicit approval before any mainnet order, leverage, or position-management action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or generated code mishandles this key, it could place trades or expose funds on the connected Hyperliquid account or vault.
A Hyperliquid private key can authorize trading activity, and the registry metadata declares no required env vars or primary credential, so this high-impact authority is under-declared and not clearly bounded.
Create a `.env` file for Hyperliquid credentials:
HYPERLIQUID_PK=your_private_key_without_0x_prefix
HYPERLIQUID_VAULT=0xYourVaultAddressHere
Use a dedicated low-balance trading wallet or testnet account, avoid storing a primary wallet key in project files, and require explicit user approval before any live trading or credential use.
Running similar code could materially change trading risk on a real account and increase the chance of financial loss.
The documented setup mutates a mainnet trading account by setting 10x cross leverage. That is purpose-aligned for live trading, but it is high-impact and the supplied artifacts do not show clear confirmation, size limits, or containment controls.
exchange = Exchange(account, constants.MAINNET_API_URL)
exchange.update_leverage(10, "SOL", is_cross=True)
Require manual confirmation for leverage changes and order submission, default to paper/testnet trading, cap leverage and trade size, and review all generated trading code before execution.
Dependency changes or an unreviewed patch could alter trading behavior or break live-order handling.
The skill relies on unpinned package installs and a local patch that affects Hyperliquid live trading behavior. This is disclosed and related to the purpose, but it increases dependency and provenance risk for code controlling financial actions.
pip install nautilus_trader
pip install hyperliquid-python-sdk eth-account python-dotenv
...
# CRITICAL: Import patch BEFORE Nautilus Trader
import hyperliquid_patch
Pin dependency versions, inspect the patch source before use, install in an isolated virtual environment, and test on testnet or with very small balances before mainnet deployment.
