Hyperliquid Trading & Analysis
Security checks across malware telemetry and agentic risk
Overview
The skill matches its Hyperliquid trading purpose, but it handles a crypto private key for real trades, under-declares that credential, and writes account state to an under-documented local file.
Review carefully before installing. Only use a limited trading key or testnet key, never a main wallet private key, verify every order and cancellation manually, create your own `.gitignore` before storing secrets, install dependencies with the lockfile, and remove or change the hard-coded trading-state file path if you do not want local portfolio persistence.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the private key is set, the agent or scripts can sign real Hyperliquid trading actions, and mistakes or unintended invocations could cause financial loss.
The skill requires a raw private key for trading operations, while the registry metadata lists no primary credential or environment variables. This is purpose-aligned but materially under-declared for a real-money trading skill.
**For trading operations:**
- Set `HYPERLIQUID_PRIVATE_KEY` environment variable
- Address derived automatically from private key
Use testnet first, prefer a limited Hyperliquid/API/agent wallet instead of a main wallet key, do not set the key globally, and require explicit user approval for every trade or cancellation.
A wrong coin, size, direction, or cancel-all invocation could place unwanted trades or remove protective orders.
The CLI exposes immediate order placement and cancel-all operations. That matches the skill purpose, but these are high-impact account mutations and rely on the agent/user following the prose confirmation guidance.
```javascript
const result = await sdk.exchange.placeOrder({
  ...
  sz: parseFloat(size),
  limit_px: slippagePrice,
  ...
  reduce_only: false,
});
...
const result = await sdk.custom.cancelAllOrders(coin);
```
Manually verify coin, size, side, price, slippage, and cancel scope before allowing the agent to run trading commands.
Sensitive portfolio details may be stored in an unexpected file, and another process or future workflow could rely on stale or modified trading state.
The script persists account positions and account size to a hard-coded absolute path outside the skill directory. This persistence is not clearly described in SKILL.md and may affect or expose local trading state.
```javascript
const stateFile = '/home/ana/clawd/trading-state.json';
...
tradingState.current_positions = state.assetPositions || [];
...
writeFileSync(stateFile, JSON.stringify(tradingState, null, 2));
```
Remove the hard-coded path, make state storage opt-in, keep it under the skill/workspace directory, and document retention and cleanup behavior.
A user may store a private key in a local .env file believing the repository already protects it from commits when the provided artifacts do not show that protection.
The provided file manifest does not include `.env.example` or `.gitignore`, so the credential-storage guidance appears unsupported by the supplied artifacts.
**Or use `.env` file** (recommended for security): ... `cp .env.example .env` ... **Security**: Never commit your `.env` file. It's already in `.gitignore`.
Create and verify a `.gitignore` entry for `.env` before adding any key, avoid storing a main wallet private key in the skill folder, and update the package to include accurate credential-handling files or instructions.
Installing dependencies brings third-party code into a high-value environment that may also contain trading credentials.
The skill depends on external npm packages for trading and networking. This is expected for the integration, and a lockfile is provided, but the package source is otherwise not well documented.
```json
"dependencies": {
  "ethers": "^6.9.0",
  "hyperliquid": "^1.7.7",
  "node-fetch": "^3.3.2",
  "ws": "^8.19.0"
}
```
Install with the lockfile, review dependency provenance, and avoid exporting the private key in the same shell used for dependency installation.
