Coinpilot Hyperliquid Copy Trade

The skill manages high-sensitivity credentials, including an API key and 10 wallet private keys stored in `~/.coinpilot/coinpilot.json`, which are transmitted to `api.coinpilot.bot` to execute copy trades. While the code in `scripts/coinpilot_cli.mjs` and the instructions in `SKILL.md` include robust security measures—such as strict API domain allowlisting, automated secret redaction in logs, and explicit defensive prompts to prevent the agent from leaking keys—the inherent risk of handling and transmitting raw private keys to a third-party service constitutes a significant high-risk behavior that warrants caution.