Skill v1.0.0
ClawScan security
Hyperliquid Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 16, 2026, 5:49 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's described functionality matches the simple curl/jq calls in SKILL.md, but the credentials declared in the registry do not match those documented in SKILL.md, and the wallet address is sent to an external API, a privacy/leakage concern that warrants caution.
- Guidance
- This skill appears to do what it says (calls the Hyperliquid API and parses results), but check the following before installing:
  - Source and provenance: no homepage or source repository is listed. Ask the publisher for a repository or documentation so you can inspect what will be called and how data is handled.
  - Wallet privacy: the skill asks for a wallet address (declared as primaryEnv). A wallet address is not a secret key, but it can be used to fetch on-chain holdings and link activity to you. Only provide it if you trust api.hyperliquid.xyz and the skill owner.
  - Missing API key declaration: SKILL.md mentions HYPERLIQUID_API_KEY as optional, but it is not declared in the registry metadata. If you plan to use an API key, insist that it be declared and scoped with least privilege.
  - Network behavior and polling: the note about 5-second refreshes implies frequent outbound requests. If you allow autonomous invocation, consider the privacy and rate-limit implications; limit autonomous runs or disable autonomous invocation until you have verified the behavior.
  - Verify endpoints manually: run the provided curl commands yourself to inspect the responses and confirm that no unexpected data exchange happens before granting any env vars.
  Given these inconsistencies and privacy implications, proceed cautiously: request source code or a homepage, confirm how the wallet address is used, stored and transmitted, and avoid putting sensitive credentials into the environment until you can verify the implementation.
Review Dimensions
- Purpose & Capability
- note: Name/description (Hyperliquid market analysis) align with the provided curl calls to api.hyperliquid.xyz and the use of curl/jq. However, the registry metadata declares HYPERLIQUID_WALLET_ADDRESS as the primary credential while SKILL.md marks the wallet address as optional and also mentions an optional HYPERLIQUID_API_KEY that is not declared in the registry: an inconsistency between declared and documented credentials.
- Instruction Scope
- concern: Runtime instructions are limited to calling api.hyperliquid.xyz and parsing JSON with jq (no filesystem or unrelated env access). But portfolio tracking implies the agent transmits the provided wallet address (privacy-sensitive) to the external API, and SKILL.md does not explain exactly how the wallet address is used or whether other user data will be sent. The note that 'data refreshes every 5 seconds' implies frequent polling, which could leak activity or hit rate limits.
- Install Mechanism
- ok: Instruction-only skill with no install steps; it requires only standard CLI tools (curl, jq), which minimizes disk-write and remote-executable risk.
- Credentials
- concern: The skill declares HYPERLIQUID_WALLET_ADDRESS as primaryEnv but lists no required.env in the registry; SKILL.md also documents an optional HYPERLIQUID_API_KEY that is not declared. Wallet addresses are not secret keys, but they are privacy-sensitive and can be linked to on-chain activity; requesting one without clearly documenting how it is used or protected is hard to justify without more detail.
- Persistence & Privilege
- ok: No always:true, no installs, and model invocation is allowed (the platform default). The skill does not request elevated persistence or modify other skills or configs.
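One way to mechanize the checks above (the Guidance list and the Credentials and Instruction Scope dimensions), as an added example that is not ClawScan's or the skill's own code: it diffs the env vars a SKILL.md mentions against those the registry declares, lists the hosts its curl calls reach, and flags missing provenance and a promised polling interval. The SKILL.md excerpt, the registry field names (primaryEnv, requiredEnv, homepage, source) and the allowed-host list are constructed assumptions for illustration.

```python
"""Audit a skill's declared credentials and network targets against what its
SKILL.md documents. Added example, not ClawScan's or the skill's own code; the
SKILL.md excerpt, the registry layout and its field names are constructed."""
import re
from urllib.parse import urlparse

# Constructed SKILL.md excerpt mirroring the mismatches the scan describes.
SKILL_MD = """\
# Hyperliquid Analyzer

Market analysis and portfolio tracking for Hyperliquid using curl and jq.

Optional: set HYPERLIQUID_WALLET_ADDRESS to enable portfolio tracking.
Optional: set HYPERLIQUID_API_KEY for higher rate limits.

Example:

    curl -s -X POST https://api.hyperliquid.xyz/info \\
      -H 'Content-Type: application/json' \\
      -d '{"type":"allMids"}' | jq .

Data refreshes every 5 seconds.
"""

# Constructed registry metadata (hypothetical field names).
REGISTRY = {
    "primaryEnv": "HYPERLIQUID_WALLET_ADDRESS",
    "requiredEnv": [],
    "homepage": None,
    "source": None,
}

ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")  # SCREAMING_SNAKE names
URL_RE = re.compile(r"https?://[^\s'\"`)]+")
REFRESH_RE = re.compile(r"every\s+(\d+)\s*seconds?", re.IGNORECASE)


def documented_env(skill_md):
    """Env var names mentioned anywhere in the instructions."""
    return set(ENV_RE.findall(skill_md))


def referenced_hosts(skill_md):
    """Hostnames of every URL the instructions tell the agent to call."""
    return {urlparse(u).hostname for u in URL_RE.findall(skill_md)}


def refresh_interval(skill_md):
    """Polling interval in seconds if the text promises one, else None."""
    m = REFRESH_RE.search(skill_md)
    return int(m.group(1)) if m else None


def audit(skill_md, registry, allowed_hosts=("api.hyperliquid.xyz",)):
    """Return the findings a reviewer checks before granting env vars."""
    required = set(registry.get("requiredEnv") or [])
    primary = registry.get("primaryEnv")
    declared = required | ({primary} if primary else set())
    documented = documented_env(skill_md)
    hosts = referenced_hosts(skill_md)
    return {
        # documented in SKILL.md but absent from the registry metadata
        "undeclared_env": sorted(documented - declared),
        # declared in the registry but never mentioned by the instructions
        "declared_unused": sorted(declared - documented),
        # primaryEnv set but not listed as required: ambiguous scope
        "primary_not_required": bool(primary) and primary not in required,
        "hosts": sorted(hosts),
        "unexpected_hosts": sorted(hosts - set(allowed_hosts)),
        "missing_provenance": not (registry.get("homepage") or registry.get("source")),
        "refresh_seconds": refresh_interval(skill_md),
    }


if __name__ == "__main__":
    for key, value in audit(SKILL_MD, REGISTRY).items():
        print(f"{key}: {value}")
```

Run it against the real SKILL.md and registry JSON instead of the constructed samples; a non-empty undeclared_env, an unexpected host, or missing provenance are exactly the signals the verdict above keys on, and a short refresh interval is the cue to restrict autonomous invocation.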
