Hyperliquid Trading & Analysis
Rating: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to be a genuine Hyperliquid trading tool, but its metadata under-declares the private-key authority it needs for live trading, and it writes portfolio state to an undisclosed, hard-coded local file.
Review before installing. This skill can trade real perpetual futures if given a private key, so use testnet or a dedicated limited wallet, verify every order manually, and do not expose a main wallet key. Also inspect or remove the hard-coded trading-state file behavior and confirm your `.env` secrets are actually protected.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Undeclared private-key credential with live trading authority
Impact: If installed and configured with a real private key, the agent can place or cancel live futures orders on the user's account.
Detail: A Hyperliquid private key enables live account trading, but the supplied metadata declares no required environment variables and no primary credential, so the permission boundary is under-disclosed for a high-impact financial capability.
Evidence (SKILL.md): "For trading operations: - Set `HYPERLIQUID_PRIVATE_KEY` environment variable"
Recommendation: Only use a limited, dedicated trading key or wallet; prefer testnet first; ensure the registry metadata declares the credential; and require explicit confirmation for every live trade.
Finding 2: Order placement and cancel-all have no confirmation step
Impact: A mistaken or poorly confirmed invocation could open, increase, reduce, or cancel positions/orders.
Detail: The CLI directly exposes order placement and cancel-all operations. This is purpose-aligned for a trading skill, but these commands are financially high-impact and have no code-level confirmation prompt.
Evidence (skill source, elided as in the scan output):

```js
await sdk.exchange.placeOrder({ ... reduce_only: false ... });
...
await sdk.custom.cancelAllOrders(coin);
```

Recommendation: Require explicit user confirmation with coin, side, size, price/slippage, account, and mainnet/testnet status before invoking any trading or cancellation command.
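The confirmation gate that findings 1 and 2 both ask for, written here as an added example; it is neither the skill's code nor ClawScan's. The `sdk` object is a recording stand-in that only has the two method names quoted above; the order fields (`coin`, `is_buy`, `sz`, `limit_px`, `reduce_only`), the `ctx` fields (`account`, `testnet`, `allowMainnet`) and the sample address are assumptions for the example.

```javascript
// Stand-in for the skill's Hyperliquid SDK handle: records calls instead of
// sending them. Only the two methods named in the finding are modelled.
function makeRecordingSdk(calls) {
  return {
    exchange: {
      placeOrder: async (order) => { calls.push({ fn: 'placeOrder', order }); return { status: 'ok' }; },
    },
    custom: {
      cancelAllOrders: async (coin) => { calls.push({ fn: 'cancelAllOrders', coin }); return { status: 'ok' }; },
    },
  };
}

// One-line summary carrying every field the review wants the user to see:
// coin, side, size, price or slippage, account, and network.
function describeAction(action, ctx) {
  const net = ctx.testnet ? 'TESTNET' : 'MAINNET';
  const who = `account ${ctx.account} on ${net}`;
  if (action.kind === 'cancelAll') return `cancel ALL open orders for ${action.coin} (${who})`;
  const o = action.order;                      // assumed order shape, see lead-in
  const side = o.is_buy ? 'BUY' : 'SELL';
  const px = o.limit_px != null ? `limit ${o.limit_px}` : `market, max slippage ${action.slippage}`;
  const ro = o.reduce_only ? ', reduce-only' : ', can open/increase';
  return `${side} ${o.sz} ${o.coin} @ ${px}${ro} (${who})`;
}

// Synchronous, fail-closed decision. Mainnet needs an explicit per-session
// flag, and the confirmation must be the exact summary echoed back, so a bare
// "yes" (or a confirmation captured for a different order) does not count.
function gateDecision(action, ctx, confirmation) {
  const summary = describeAction(action, ctx);
  if (!ctx.testnet && ctx.allowMainnet !== true) {
    return { allowed: false, summary, reason: 'mainnet trading not enabled for this session' };
  }
  if (confirmation !== summary) {
    return { allowed: false, summary, reason: 'confirmation missing or does not match this action' };
  }
  return { allowed: true, summary };
}

// The only path through which the two live calls are reachable.
async function gatedExecute(sdk, action, ctx, confirmation) {
  const d = gateDecision(action, ctx, confirmation);
  if (!d.allowed) return { executed: false, ...d };
  const result = action.kind === 'cancelAll'
    ? await sdk.custom.cancelAllOrders(action.coin)
    : await sdk.exchange.placeOrder(action.order);
  return { executed: true, summary: d.summary, result };
}

// Constructed walk-through: the buy is refused on "yes" and executed once the
// exact summary is echoed back; the cancel-all goes through the same gate.
async function demo() {
  const calls = [];
  const sdk = makeRecordingSdk(calls);
  const ctx = { account: '0xDEADBEEF', testnet: true };   // constructed account id
  const buy = { kind: 'order', order: { coin: 'ETH', is_buy: true, sz: 0.1, limit_px: 3000, reduce_only: false } };
  const refused = await gatedExecute(sdk, buy, ctx, 'yes');
  const done = await gatedExecute(sdk, buy, ctx, describeAction(buy, ctx));
  const cancel = { kind: 'cancelAll', coin: 'ETH' };
  const cancelled = await gatedExecute(sdk, cancel, ctx, describeAction(cancel, ctx));
  return { refused: refused.executed, done: done.executed, cancelled: cancelled.executed, calls: calls.length };
}

demo().then((r) => console.log(r));
```

Binding the confirmation to the exact summary string means the user (or the agent relaying the user's words) must have seen the coin, side, size, price and network for that one action; a stale or generic approval cannot be replayed against a different order. An unset `testnet` flag is treated as mainnet and refused unless the session opted in, so the default is the safe one.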
Finding 3: Account state written to a hard-coded, undisclosed path
Impact: Portfolio and position data may remain on disk in an unexpected location and could be reused, exposed, or overwritten outside the user's intended scope.
Detail: The script persists financial account state, including current positions and account size, to a hard-coded absolute path outside the skill directory without disclosure in SKILL.md.
Evidence (skill source, elided as in the scan output):

```js
const stateFile = '/home/ana/clawd/trading-state.json';
...
tradingState.current_positions = state.assetPositions || [];
...
writeFileSync(stateFile, JSON.stringify(tradingState, null, 2));
```

Recommendation: Make state persistence opt-in, store it under a user-controlled skill directory, disclose the exact path and contents, and provide a cleanup/disable option.
Finding 4: Referenced setup files and install step absent from the reviewed artifacts
Impact: Users may assume private-key setup files and ignore rules exist when they were not included in the reviewed artifacts.
Detail: The manifest provided does not include `.env.example` or `.gitignore`, and the registry says there is no install spec even though npm dependencies must be installed. This is mainly a documentation/provenance gap, but it matters because the setup involves a private key.
Evidence (SKILL.md): "cp .env.example .env ... It's already in `.gitignore`."
Recommendation: Include the referenced setup files, declare the npm install step and required environment variables in metadata, and verify that `.env` files are actually ignored (for example with `git check-ignore -v .env` in the checkout) before adding secrets.
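The "actually ignored" check done offline, as an added example (not from the skill or ClawScan). In a real checkout `git check-ignore -v .env` is the authoritative answer; this block reimplements the part of the `.gitignore` rules needed to answer the same question for a list of files without a git repository, so it can run in CI against the ignore file the skill ships. The sample `.gitignore` text and file list are constructed, and only the common pattern forms are handled (comments, `!` negation, trailing `/` for directories, `/` anchoring, `*`, `?` and `**`).

```javascript
// Translate one gitignore glob into an anchored RegExp. "**/" matches any
// number of leading directories (including none); "*" and "?" never cross "/".
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (glob.startsWith('**/', i)) { re += '(?:.*/)?'; i += 2; }
    else if (glob.startsWith('**', i)) { re += '.*'; i += 1; }
    else if (c === '*') re += '[^/]*';
    else if (c === '?') re += '[^/]';
    else re += c.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  }
  return new RegExp('^' + re + '$');
}

// Parse .gitignore text into ordered rules. As in git, a pattern containing a
// "/" (other than a trailing one) is anchored to the repository root; one
// without matches the basename at any depth.
function parseGitignore(text) {
  const rules = [];
  for (const raw of text.split('\n')) {
    let p = raw.trim();
    if (!p || p.startsWith('#')) continue;
    const negate = p.startsWith('!');
    if (negate) p = p.slice(1);
    const dirOnly = p.endsWith('/');
    if (dirOnly) p = p.slice(0, -1);
    const anchored = p.includes('/');
    if (p.startsWith('/')) p = p.slice(1);
    rules.push({ source: raw.trim(), negate, dirOnly, anchored, re: globToRegExp(p) });
  }
  return rules;
}

// Last matching rule wins. Every ancestor directory is tested as well, because
// ignoring a directory ignores everything beneath it.
function lastMatchingRule(rules, relPath, isDir = false) {
  const segs = relPath.split('/').filter(Boolean);
  const subjects = segs.map((seg, i) => ({
    full: segs.slice(0, i + 1).join('/'),
    base: seg,
    dir: i < segs.length - 1 || isDir,
  }));
  let last = null;
  for (const rule of rules) {
    const hit = subjects.some((s) => (s.dir || !rule.dirOnly) && rule.re.test(rule.anchored ? s.full : s.base));
    if (hit) last = rule;
  }
  return last;
}

function isIgnored(rules, relPath, isDir = false) {
  const rule = lastMatchingRule(rules, relPath, isDir);
  return rule !== null && !rule.negate;
}

// The check to run before a secret is written: which of these files would a
// commit pick up?
function unprotectedSecrets(gitignoreText, secretFiles) {
  const rules = parseGitignore(gitignoreText);
  return secretFiles.filter((f) => !isIgnored(rules, f));
}

// Constructed .gitignore for the example (not the skill's file).
const SAMPLE_GITIGNORE = [
  '# dependencies',
  'node_modules/',
  '# local secrets',
  '.env*',
  '!.env.example',
  '*.log',
  '/build',
  '**/tmp',
].join('\n');

console.log(unprotectedSecrets(SAMPLE_GITIGNORE, ['.env', 'config/.env.local', 'trading-state.json']));
```

Note what the sample reports: `.env` is covered, but a `trading-state.json` written into the checkout is not, which is exactly the kind of file finding 3 describes. Whatever the skill persists locally needs an ignore rule as much as the `.env` file does.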
