Hyperliquid Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple Hyperliquid market-data helper whose network calls and optional wallet/API settings fit its stated purpose.

Install only if you are comfortable with the agent querying Hyperliquid over the network. Basic market data does not require credentials; if you use portfolio or authenticated features, provide only the minimum necessary wallet address or a limited/read-only API key and avoid private keys or highly privileged credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly references wallet-based portfolio tracking and authenticated API use but does not warn users that wallet addresses and API keys may be shared with an external third-party service. In an agent/skill context, this omission can lead users or downstream tooling to transmit sensitive identifiers or credentials without informed consent, increasing privacy and account-risk exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal