Back to skill
Skillv1.0.7
VirusTotal security
Coinpilot Hyperliquid Copy Trade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:03 AM
- Hash
- da7453c990c22d7b5fb4ae7b0ef95d0594819aa8ca57aabbb73b5cf211a84b4d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: coinpilot-hyperliquid-copy-trade Version: 1.0.7 The skill manages high-sensitivity credentials, including an API key and 10 wallet private keys stored in `~/.coinpilot/coinpilot.json`, which are transmitted to `api.coinpilot.bot` to execute copy trades. While the code in `scripts/coinpilot_cli.mjs` and the instructions in `SKILL.md` include robust security measures—such as strict API domain allowlisting, automated secret redaction in logs, and explicit defensive prompts to prevent the agent from leaking keys—the inherent risk of handling and transmitting raw private keys to a third-party service constitutes a significant high-risk behavior that warrants caution.
- External report
- View on VirusTotal