Coinpilot Hyperliquid Copy Trade

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed copy-trading tool, but it handles raw wallet private keys and can execute live trading actions without built-in confirmation safeguards.

Install only if you understand that a local agent and Coinpilot will handle raw wallet private keys and can place or close live trades. Use dedicated low-balance wallets, protect ~/.coinpilot/coinpilot.json with strict permissions, verify the API URL, and require your own confirmation before any start, stop, update, close, or recurring automation request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium, 90% confidence
Finding
The README includes example prompts for autonomous trade execution, closing positions, and emergency portfolio actions without requiring a confirmation step or prominently warning that these actions can cause immediate, irreversible financial loss. In this skill's context, the risk is elevated because the agent is connected to live trading infrastructure and local private keys, so natural-language prompts can directly trigger sensitive actions.

Missing User Warnings

High, 98% confidence
Finding
The documentation instructs clients to transmit highly sensitive wallet private keys in HTTP headers and, for some write routes, again in the request body. Even over HTTPS, this greatly increases exposure through client logs, reverse proxies, error monitoring, browser/dev tooling, and server-side request logging. The skill context explicitly states that a local credentials JSON contains high-sensitivity secrets, which makes this especially dangerous in an automation workflow.

Missing User Warnings

Medium, 93% confidence
Finding
The CLI exposes destructive trading operations such as stopping subscriptions and closing positions without any interactive confirmation, dry-run step, or explicit force flag. In a high-sensitivity trading skill that manages real funds and private keys, accidental invocation, scripting mistakes, or argument mix-ups can immediately trigger unwanted trading actions and financial loss.

VirusTotal

65/65 vendors flagged this skill as clean.
