Coinpilot Hyperliquid Copy Trade
Audited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it deserves careful review because it requires many crypto private keys and can automate live trading actions that may affect funds.
Install only if you are comfortable giving a local agent runtime access to Coinpilot credentials and multiple wallet private keys for live trading. Use separate low-balance wallets, verify the fixed credentials file path, never paste keys into chat, and require confirmations, allocation caps, loss limits, and stop conditions before allowing automated copy-trading actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromise or misuse of this local config could expose multiple trading wallets and enable unwanted trading activity.
The runtime enforces exactly 10 wallet entries and requires a private key for each one. That is broad, high-impact credential access, especially if a user only intends to use one follower wallet.
if (!Array.isArray(data.wallets) || data.wallets.length !== 10) { throw new Error("wallets must be an array with exactly 10 entries (1 primary + 9 subwallets)"); } ... if (!wallet.privateKey || typeof wallet.privateKey !== "string") { throw new Error("wallet.privateKey must be a string"); }
Use dedicated low-balance wallets, avoid storing more follower keys than needed, and ask the publisher to support least-privilege configurations with fewer wallets.
Users may not see the true credential sensitivity from install metadata before enabling the skill.
The registry metadata does not declare the credential/config requirement even though the skill artifacts require ~/.coinpilot/coinpilot.json with API keys and wallet private keys.
Primary credential: none
Required config paths: none
The skill should declare its fixed credentials path and high-sensitivity wallet-key requirement in metadata, not only in README/SKILL instructions.
A mistaken prompt or broad instruction could change live trading positions or close positions unexpectedly.
The documented API supports state-changing trading operations, including starting copy-trading subscriptions and closing all positions. This is expected for the stated purpose but financially sensitive.
POST /experimental/:wallet/subscriptions/start ... Body (required): primaryWalletPrivateKey, followerWalletPrivateKey ... POST /users/:userId/subscriptions/:subscriptionId/close-all
Require explicit user confirmation, spending/allocation limits, and clear subscription IDs before any start, stop, update, or close-all action.
Users may place more trust in the integration than is warranted for a workflow that handles and transmits private-key credentials for trading.
The self-custody wording could lead users to underestimate the fact that raw private-key material is transmitted to Coinpilot in request headers and bodies on every trading call.
**Self-Custodial Execution**: Powered by Privy. Your keys, your crypto. ... Coinpilot API calls from this skill require `x-api-key`, `x-wallet-private-key`, and `x-user-id`
Clarify exactly when private keys are sent to Coinpilot, what Coinpilot can do with them, and what limits protect the user's funds.
If left running without clear limits, an agent could continue making trading changes after the user forgets about the task.
The examples invite user-requested recurring autonomous portfolio management. No hidden persistence is shown, but ongoing trading automation should be bounded.
"Send me a portfolio health update every hour" ... "Monitor my portfolio every hour, rebalance by stopping weaker subscriptions and starting stronger replacements, and execute the required config or position actions based on my rules."
Use explicit duration, stop conditions, maximum allocation/loss limits, and confirmation rules for any recurring monitoring or rebalancing task.
