Hyperliquid Trading & Analysis
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: hyperliquid-trading
Version: 1.0.0

The skill is classified as suspicious because `scripts/check-positions.mjs` reads from and writes to the absolute path `/home/ana/clawd/trading-state.json`. The apparent intent is to persist trading state (last check, positions, account size), but file I/O to a hard-coded absolute path outside the skill's own data directory is a risky capability: the path is specific to one developer's machine, and a changed path or tampered contents could be abused, even though this implementation shows no clear malicious intent such as data exfiltration or establishing attacker persistence. All other files and instructions appear benign and focus on legitimate Hyperliquid trading and market analysis via CoinGecko.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: If installed and configured with a real private key, the agent can place or cancel live futures orders on the user's account.

Details: A Hyperliquid private key enables live account trading, but the supplied metadata declares no required environment variables and no primary credential, so the permission boundary is under-disclosed for a high-impact financial capability.

Evidence (SKILL.md):
> For trading operations:
> - Set `HYPERLIQUID_PRIVATE_KEY` environment variable

Recommendation: Only use a limited, dedicated trading key or wallet; prefer testnet first; ensure the registry metadata declares the credential; and require explicit confirmation for every live trade.
Impact: A mistaken or poorly confirmed invocation could open, increase, reduce, or cancel positions or orders.

Details: The CLI directly exposes order placement and cancel-all operations. This is purpose-aligned for a trading skill, but these commands are financially high-impact and have no code-level confirmation prompt.

Evidence:
```javascript
await sdk.exchange.placeOrder({ ... reduce_only: false ... });
...
await sdk.custom.cancelAllOrders(coin);
```

Recommendation: Require explicit user confirmation showing coin, side, size, price/slippage, account, and mainnet/testnet status before invoking any trading or cancellation command.
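The confirmation gate recommended for the two findings above (undisclosed live-trading credential, and order placement and cancel-all with no confirmation prompt), as an added example that is not code from the hyperliquid-trading skill or its SDK. Only the call shapes `sdk.exchange.placeOrder({ ... reduce_only ... })` and `sdk.custom.cancelAllOrders(coin)` come from the audited snippet; the order field names (`coin`, `is_buy`, `sz`, `limit_px`), the `action` object layout, the `confirm` callback and the recording stand-in for the SDK are assumptions for illustration.

```javascript
// Added example, not code from the hyperliquid-trading skill: a confirmation
// gate in front of the SDK's order placement and cancel-all calls. Only the
// call shapes sdk.exchange.placeOrder({... reduce_only ...}) and
// sdk.custom.cancelAllOrders(coin) come from the audited snippet; the order
// field names (coin, is_buy, sz, limit_px) and every other name are assumed.

// Fields a user must see before a call is allowed. Network is mandatory so a
// missing flag can never silently mean mainnet.
const ORDER_FIELDS = ['kind', 'coin', 'side', 'size', 'price', 'slippage', 'reduceOnly', 'account', 'network'];
const CANCEL_FIELDS = ['kind', 'coin', 'account', 'network'];

// Build the exact summary string to be confirmed; throws rather than guessing
// when anything that changes the financial effect is missing or malformed.
function describeAction(action) {
  if (action.kind !== 'cancelAll' && action.kind !== 'placeOrder') {
    throw new Error(`refusing to trade: unknown action "${action.kind}"`);
  }
  const fields = action.kind === 'cancelAll' ? CANCEL_FIELDS : ORDER_FIELDS;
  for (const f of fields) {
    if (action[f] === undefined || action[f] === null || action[f] === '') {
      throw new Error(`refusing to trade: missing field "${f}"`);
    }
  }
  if (action.network !== 'mainnet' && action.network !== 'testnet') {
    throw new Error(`refusing to trade: unknown network "${action.network}"`);
  }
  if (action.kind === 'placeOrder' && !(Number(action.size) > 0)) {
    throw new Error('refusing to trade: size must be a positive number');
  }
  return fields.map((f) => `${f}=${action[f]}`).join(' ');
}

// Short tag derived from the summary (FNV-1a, a checksum rather than a MAC):
// the user has to echo it back, so a "yes" typed for a previous, different
// order cannot authorise this one.
function confirmationToken(summary) {
  let h = 0x811c9dc5;
  for (const ch of summary) {
    h ^= ch.codePointAt(0);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// The only path to the live SDK call. confirm(summary, token) is where a CLI
// would prompt (readline, for instance); it must return the token for exactly
// this summary, otherwise nothing is sent.
function executeWithConfirmation(sdk, action, confirm) {
  const summary = describeAction(action);
  const token = confirmationToken(summary);
  const answer = confirm(summary, token);
  if (answer !== token) {
    return { executed: false, summary, reason: 'not confirmed' };
  }
  const pending = action.kind === 'cancelAll'
    ? sdk.custom.cancelAllOrders(action.coin)
    : sdk.exchange.placeOrder({
        coin: action.coin,
        is_buy: action.side === 'buy',
        sz: action.size,
        limit_px: action.price,
        reduce_only: action.reduceOnly,
      });
  return { executed: true, summary, pending };
}

// Constructed stand-in for the SDK so the example runs offline: it records the
// calls it receives instead of contacting Hyperliquid.
function makeRecordingSdk() {
  const calls = [];
  return {
    calls,
    exchange: { placeOrder: async (order) => { calls.push(['placeOrder', order]); return { status: 'ok' }; } },
    custom: { cancelAllOrders: async (coin) => { calls.push(['cancelAllOrders', coin]); return { status: 'ok' }; } },
  };
}

// Usage with a constructed order: a confirm callback that returns anything but
// the token blocks the trade, and the summary it must read names the network.
const demoSdk = makeRecordingSdk();
const demoOrder = { kind: 'placeOrder', coin: 'ETH', side: 'buy', size: 0.1, price: 3000,
  slippage: 0.005, reduceOnly: false, account: '0x0000', network: 'testnet' };
console.log(executeWithConfirmation(demoSdk, demoOrder, () => 'yes').executed);   // false
console.log(executeWithConfirmation(demoSdk, demoOrder, (s, t) => t).executed);   // true
```

The token binds the confirmation to the summary the user actually read, which is the property a plain yes/no prompt lacks when the agent can re-issue a command with different parameters; the `network` check is deliberately strict so that an unset flag fails closed instead of defaulting to mainnet.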
Impact: Portfolio and position data may remain on disk in an unexpected location, where it could be reused, exposed, or overwritten outside the user's intended scope.

Details: The script persists financial account state, including current positions and account size, to a hard-coded absolute path outside the skill directory, without disclosure in SKILL.md.

Evidence (scripts/check-positions.mjs):
```javascript
const stateFile = '/home/ana/clawd/trading-state.json';
...
tradingState.current_positions = state.assetPositions || [];
...
writeFileSync(stateFile, JSON.stringify(tradingState, null, 2));
```

Recommendation: Make state persistence opt-in, store it under a user-controlled skill directory, disclose the exact path and contents, and provide a cleanup/disable option.
Impact: Users may assume the private-key setup files and ignore rules exist when they were not included in the reviewed artifacts.

Details: The manifest provided does not include `.env.example` or `.gitignore`, and the registry says there is no install spec even though npm dependencies must be installed. This is mainly a documentation/provenance gap, but it matters because the setup involves a private key.

Evidence (SKILL.md):
> cp .env.example .env ... It's already in `.gitignore`.

Recommendation: Include the referenced setup files, declare the npm install step and required environment variables in metadata, and verify that `.env` files are actually ignored (for example with `git check-ignore .env` in the checked-out skill) before adding secrets.
