CAI: hyperliquid-with-cai

Security checks across malware telemetry and agentic risk

Overview

This trading skill appears purpose-aligned, but it delegates real trading authority and uses a powerful API key without enough clear safety boundaries.

Review this carefully before installing. Only use it if you intend to give CAI delegated authority over Hyperliquid trading actions, understand whether assets can be traded or orders canceled, know how to revoke the agent key, and can store the CAI_API_KEY securely with the minimum scope needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill states that CAI E-mode uses a custodial EVM address and a derived agent key, but it does not clearly surface the security implications to the user at the point of use: a hosted /act flow approves an agent capable of placing and canceling trades on the user's behalf. In a trading skill, this missing warning materially affects informed consent because users may not realize they are delegating trading authority through a custodial and hosted flow.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The setup instructions tell users to store a CAI_API_KEY with platform or full scope but do not warn that this is a high-sensitivity credential that can enable enrollment and trading actions. If mishandled, leaked, or reused insecurely, the key could allow unauthorized trading operations or broader account actions depending on the granted scope.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal