Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hyperliquid Trading & Analysis

v1.0.0

Trade and monitor Hyperliquid perpetual futures. Check balances, view positions with P&L, place/cancel orders, execute market trades. Use when the user asks about Hyperliquid trading, portfolio status, crypto positions, or wants to execute trades on Hyperliquid.

20 · 6.2k · 47 current · 49 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, README, SKILL.md and code implement a Hyperliquid trading/monitoring CLI using the official SDK and CoinGecko, which aligns with the stated purpose. However, the registry metadata declares no required environment variables and no primary credential, even though the skill clearly needs HYPERLIQUID_PRIVATE_KEY (for trading) and HYPERLIQUID_ADDRESS (for read-only queries). This metadata mismatch is unexpected and reduces transparency.
Instruction Scope
SKILL.md instructs users to set environment variables (private key/address) and to run npm install in the scripts folder, which is expected for a CLI. But one script (scripts/check-positions.mjs) reads and writes a hardcoded absolute file path (/home/ana/clawd/trading-state.json). That file I/O is unrelated to core trading functionality, the path is tied to one developer's environment, and on a machine where that path already exists the script would overwrite whatever is there. The skill also instructs users to keep the private key in an environment variable (common, but sensitive) and will sign and send orders autonomously when invoked.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs running 'npm install' in the scripts directory. Dependencies are standard packages from the npm registry (hyperliquid, ethers, node-fetch). This is typical but still carries the usual supply-chain risk of installing third-party npm packages; there are no remote downloads from untrusted URLs and no archive extraction.
Credentials
Trading requires HYPERLIQUID_PRIVATE_KEY and read operations use HYPERLIQUID_ADDRESS; both are reasonable for this skill. The problem is that the registry metadata advertises no required env vars and no primary credential, so the skill's secret needs are not declared centrally. That mismatch reduces visibility and increases the chance that a user unknowingly exposes a private key. The skill also supports testnet via HYPERLIQUID_TESTNET, which is fine.
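The metadata mismatch raised in both the Purpose & Capability and Credentials findings is mechanically checkable: collect every `process.env.NAME` the scripts read and diff that set against what the registry declares. The block below is an added example, not the skill's code and not ClawHub's scanner. The script snippets and the metadata object are constructed for the example (only the three variable names come from the report), and the `requiredEnv`/`optionalEnv` field names are an assumed shape, not the registry's actual schema.

```javascript
// Added example (not the skill's code, not ClawHub's scanner): audit which env
// vars a set of Node scripts read against what the registry metadata declares.
// Matches process.env.NAME, process.env['NAME'] and process.env["NAME"].
const ENV_REF = /process\.env(?:\.([A-Z_][A-Z0-9_]*)|\[\s*['"]([A-Z_][A-Z0-9_]*)['"]\s*\])/g;

function extractEnvRefs(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] ?? m[2]);
  return [...names].sort();
}

// Name heuristic: these should be declared as credentials, not plain config.
function looksSecret(name) {
  return /(PRIVATE_KEY|SECRET|TOKEN|PASSWORD|MNEMONIC)/.test(name);
}

// metadata.requiredEnv / optionalEnv are an assumed schema for this example.
function auditEnvDeclarations(metadata, sources) {
  const used = new Set();
  for (const src of Object.values(sources)) extractEnvRefs(src).forEach((n) => used.add(n));
  const declared = new Set([...(metadata.requiredEnv ?? []), ...(metadata.optionalEnv ?? [])]);
  const undeclared = [...used].filter((n) => !declared.has(n)).sort();
  return {
    undeclared,                                     // read by code, absent from metadata
    undeclaredSecrets: undeclared.filter(looksSecret), // the ones that matter most
    declaredButUnused: [...declared].filter((n) => !used.has(n)).sort(),
  };
}

// Constructed inputs: the metadata declares nothing, as the report describes.
// The script bodies are illustrative, not the skill's actual source.
const SAMPLE_METADATA = { requiredEnv: [], optionalEnv: [], primaryCredential: null };
const SAMPLE_SOURCES = {
  'scripts/balance.mjs': `
    const address = process.env.HYPERLIQUID_ADDRESS;
    const testnet = process.env["HYPERLIQUID_TESTNET"] === "1";`,
  'scripts/trade.mjs': `
    const wallet = new ethers.Wallet(process.env.HYPERLIQUID_PRIVATE_KEY);`,
};

function auditSample() {
  return auditEnvDeclarations(SAMPLE_METADATA, SAMPLE_SOURCES);
}
```

Run against the constructed inputs, `auditSample()` reports all three variables as undeclared and singles out HYPERLIQUID_PRIVATE_KEY as an undeclared secret; once the publisher declares them, the same audit flags anything declared but never read, which catches stale metadata in the other direction. A regex will miss indirect reads such as destructuring `process.env`, so treat an empty `undeclared` list as a strong hint rather than proof.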
Persistence & Privilege
The skill is not marked 'always', and model invocation is allowed (the platform default). Because the skill can execute signed trades whenever a private key is available, autonomous invocation increases the blast radius: if the agent may call the skill without per-invocation confirmation and the private key is present in the environment, it can place or cancel orders on its own. The hardcoded state file path is a persistent local effect (a write to disk) outside the minimal expected scope.
What to consider before installing
This skill appears to implement a legitimate Hyperliquid trading CLI, but take these precautions before installing it or giving it secrets:
1) Don't put your main private key in the system-wide environment the agent runs in. Use a dedicated, low-balance key or a vault, and test on testnet first.
2) Inspect or run the code in an isolated environment (container or VM): it installs npm packages, and scripts/check-positions.mjs writes to a hardcoded path (/home/ana/clawd/trading-state.json) that could overwrite a local file.
3) Run read-only operations first (set only HYPERLIQUID_ADDRESS) and verify the outputs before supplying a key.
4) Ask the publisher to update the registry metadata to declare HYPERLIQUID_PRIVATE_KEY and HYPERLIQUID_ADDRESS as required, so tools and reviewers can see the secret requirements up-front.
5) If you do use the skill, run it with restricted filesystem permissions, and either leave autonomous invocation disabled or require explicit user confirmation before any trade-executing call.
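Points 1, 3 and 5 above describe a guard that a user can put in front of the trade-executing path: read-only when no key is present, a sanity check on the key before it reaches a signer, testnet unless mainnet is requested explicitly, and a confirmation step before every order. The block below is an added example, not the skill's code, and it never calls the Hyperliquid SDK: `sendOrder` is an injected stand-in for the real call so the gate runs offline. The variable names come from the report; the convention that HYPERLIQUID_TESTNET must be "0" to reach mainnet is this example's assumption, not the skill's documented behaviour.

```javascript
// Added example (not the skill's code): a confirmation gate in front of the
// trade path. `sendOrder` and `confirm` are injected so nothing here touches
// the real SDK. Treating HYPERLIQUID_TESTNET !== '0' as testnet is an
// assumption made for this example.

function readMode(env) {
  const key = env.HYPERLIQUID_PRIVATE_KEY;
  if (key === undefined || key === '') {
    // Precaution 3: with only an address configured, nothing can be signed.
    if (!env.HYPERLIQUID_ADDRESS) throw new Error('set HYPERLIQUID_ADDRESS for read-only use');
    return { mode: 'read-only', testnet: env.HYPERLIQUID_TESTNET !== '0' };
  }
  // Shape check before the key is ever handed to a signer: 0x + 32 bytes hex.
  if (!/^0x[0-9a-fA-F]{64}$/.test(key)) {
    throw new Error('HYPERLIQUID_PRIVATE_KEY is not a 0x-prefixed 32-byte hex key');
  }
  // Precaution 1: default to testnet; mainnet must be asked for explicitly.
  return { mode: 'trading', testnet: env.HYPERLIQUID_TESTNET !== '0' };
}

// Precaution 5: every order goes through `confirm` and is written to an audit log.
function createTradeGate({ env, sendOrder, confirm }) {
  const config = readMode(env);
  const log = [];
  return {
    config,
    log,
    placeOrder(order) {
      if (config.mode !== 'trading') {
        log.push({ order, outcome: 'blocked:read-only' });
        throw new Error('no private key configured; trading is disabled');
      }
      const summary = `${order.side} ${order.size} ${order.coin} on ${config.testnet ? 'testnet' : 'MAINNET'}`;
      if (!confirm(summary)) {
        log.push({ order, outcome: 'blocked:declined' });
        return { executed: false, summary };
      }
      const result = sendOrder(order, config);
      log.push({ order, outcome: 'executed' });
      return { executed: true, summary, result };
    },
  };
}
```

In practice `confirm` is whatever prompts the human (a terminal prompt, a chat approval); the important property is that the agent cannot satisfy it by itself, and that a declined order leaves a log entry rather than vanishing silently.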

Like a lobster shell, security has layers — review code before you run it.

latest · vk9717r9pegfaft0fy5ktpf2ewn80013k
