Skill v1.1.0
ClawScan security
Hyperliquid DEX Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:46 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (read-only Hyperliquid queries via a ClawdBot proxy) is plausible, but the runtime instructions call an internal ClawdBot API endpoint through a base URL, {CLAWDBOT_API_URL}, that the registry does not declare. That mismatch, together with the unknown source of the package, makes it inconsistent and worth caution.
- Guidance
- This skill appears to be a read-only adapter that queries Hyperliquid through a ClawdBot proxy — that is reasonable for the described purpose. However: (1) SKILL.md references {CLAWDBOT_API_URL} but the registry does not declare that environment variable; ask the publisher where the ClawdBot API base URL comes from and whether the platform will supply it. (2) Confirm whether the ClawdBot proxy requires authentication or will add headers; if it does, understand what credentials are used and where they are stored. (3) Verify the source/homepage or request source code before installing — the package has no public repo or homepage. (4) Test with a public wallet address first (no private keys) to confirm only public read-only data is transmitted. If the publisher cannot explain the CLAWDBOT_API_URL or provide provenance for the proxy, treat the skill as untrusted.
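The first two guidance points come down to one mechanical check a reviewer can run before asking the publisher anything: does every environment variable the SKILL.md instructions rely on appear in the registry's declarations? The script below is an added example, not ClawHub's scanner code. It embeds a constructed SKILL.md excerpt that mirrors what the verdict describes (a POST to {CLAWDBOT_API_URL}/api/hyperliquid/account, an optional TRADING_WALLET_ADDRESS) and assumes a manifest shape with an "env" list; ClawHub's real metadata format is not shown on this page.

```python
"""
Cross-check a skill's SKILL.md against its registry manifest: every
{PLACEHOLDER} or ALL_CAPS environment variable the instructions reference
should be declared, and every declared variable should actually be used.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Placeholder form used in the scanner output: {CLAWDBOT_API_URL}
PLACEHOLDER_RE = re.compile(r"\{([A-Z][A-Z0-9_]*)\}")
# Bare ALL_CAPS tokens containing an underscore, e.g. TRADING_WALLET_ADDRESS
# (requiring the underscore keeps words like POST or JSON out)
BARE_ENV_RE = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")

# Constructed SKILL.md excerpt mirroring what the verdict describes; this is
# not the skill's real file.
SKILL_MD = """\
# Hyperliquid DEX Integration

To read account state, POST JSON {"address": "<wallet>"} to
{CLAWDBOT_API_URL}/api/hyperliquid/account. If TRADING_WALLET_ADDRESS is
set, use it as the default wallet. Only public, read-only data is queried.
"""

# Assumed manifest shape: env entries listed under "env". The registry's real
# metadata format is not shown on the page.
MANIFEST = {
    "name": "hyperliquid-dex-integration",
    "version": "1.1.0",
    "env": [{"name": "TRADING_WALLET_ADDRESS", "required": False}],
}


@dataclass
class DeclarationReport:
    referenced: set[str]
    declared: set[str]
    undeclared: set[str] = field(default_factory=set)  # used but not declared
    unused: set[str] = field(default_factory=set)      # declared but never used

    @property
    def consistent(self) -> bool:
        # Unused declarations are a smell; undeclared references are the gap
        return not self.undeclared


def referenced_env_vars(skill_md: str) -> set[str]:
    """Names the instructions rely on, whether written as {X} or bare X."""
    names = set(PLACEHOLDER_RE.findall(skill_md))
    names.update(BARE_ENV_RE.findall(skill_md))
    return names


def check_declarations(skill_md: str, manifest: dict) -> DeclarationReport:
    declared = {entry["name"] for entry in manifest.get("env", [])}
    referenced = referenced_env_vars(skill_md)
    return DeclarationReport(
        referenced=referenced,
        declared=declared,
        undeclared=referenced - declared,
        unused=declared - referenced,
    )


def findings(report: DeclarationReport) -> list[str]:
    """Human-readable lines, undeclared references first."""
    out = [f"undeclared: {n} (referenced by SKILL.md, absent from manifest)"
           for n in sorted(report.undeclared)]
    out += [f"unused: {n} (declared, never referenced)"
            for n in sorted(report.unused)]
    return out


if __name__ == "__main__":
    rep = check_declarations(SKILL_MD, MANIFEST)
    print("consistent" if rep.consistent else "\n".join(findings(rep)))
```

Run against the constructed inputs it reports exactly the gap the scanner flagged: CLAWDBOT_API_URL is referenced but undeclared, while TRADING_WALLET_ADDRESS is both declared and used. Declaring CLAWDBOT_API_URL in the manifest (or confirming the platform injects it) is what turns the report consistent; the check says nothing about whether the proxy itself is trustworthy.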
Review Dimensions
- Purpose & Capability
- note: The SKILL.md describes a read-only Hyperliquid query flow via a ClawdBot API proxy, which matches the skill name and description. However, the SKILL.md expects an internal service (ClawdBot API) to exist and be callable; the registry metadata does not declare the required CLAWDBOT_API_URL (or any primary credential). This is an implementation gap: calling an internal proxy is plausible for a ClawdBot-targeted skill, but the required base URL must be declared.
- Instruction Scope
- concern: Runtime instructions tell the agent to POST to {CLAWDBOT_API_URL}/api/hyperliquid/account and optionally use TRADING_WALLET_ADDRESS. The registry did not declare CLAWDBOT_API_URL; SKILL.md lists only TRADING_WALLET_ADDRESS as an env var (optional). The instructions do not ask for private keys and claim read-only access to public Hyperliquid endpoints, but they will transmit wallet addresses (public) to the ClawdBot proxy, and the trustworthiness and authentication of that proxy are not described.
- Install Mechanism
- ok: No install spec and no code files; instruction-only. This minimizes on-disk risk: nothing is downloaded or executed locally by the skill itself.
- Credentials
- concern: The skill declares only an optional TRADING_WALLET_ADDRESS, but the instructions require a CLAWDBOT_API_URL base endpoint which is not declared. No secrets or private keys are requested (good), but the undeclared dependency on a ClawdBot internal API endpoint is a proportionality/mis-declaration issue and could hide assumptions about authentication or headers that aren't documented.
- Persistence & Privilege
- ok: The skill is not always-enabled, is user-invocable, and allows model invocation (normal). It requests no persistent presence or elevated system privileges.
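The Instruction Scope and Credentials findings both reduce to a question only observation answers: what does the agent actually put on the wire when it follows SKILL.md? Since CLAWDBOT_API_URL is an undeclared base URL, a reviewer can point it at a local stand-in and read the captured requests before the real proxy ever sees them. The script below is an added example, not ClawHub's or the skill's code: it runs a loopback HTTP server that records every POST, and an audit function that passes only requests carrying public data. The path /api/hyperliquid/account comes from the verdict; the JSON body with an "address" field, the header names treated as credentials, and the sample wallet address are assumptions for the demonstration.

```python
"""
Local stand-in for the ClawdBot proxy: it accepts the POST the skill's
instructions describe, records everything received, and an audit function
flags anything beyond a public wallet address (credential headers,
private-key-shaped values, seed phrases, unexpected paths).
"""
from __future__ import annotations

import json
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen

# Path from the verdict; the "address" body field is an assumption about the
# request shape the skill uses.
EXPECTED_PATH = "/api/hyperliquid/account"
EVM_ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")      # public, fine to send
HEX_32_BYTES_RE = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")   # private-key shaped
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-api-key", "x-auth-token"}
SECRET_FIELD_NAMES = {"private_key", "privatekey", "secret", "mnemonic", "seed", "api_secret"}


class CaptureHandler(BaseHTTPRequestHandler):
    def do_POST(self) -> None:
        raw = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        try:
            body = json.loads(raw) if raw else {}
        except json.JSONDecodeError:
            body = {"_raw": raw.decode("utf-8", "replace")}
        self.server.captured.append({
            "path": self.path,
            "headers": {k.lower(): v for k, v in self.headers.items()},
            "body": body if isinstance(body, dict) else {"_body": body},
        })
        reply = b'{"ok": true}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *_: object) -> None:  # keep the capture quiet
        pass


class CapturingProxy(HTTPServer):
    def __init__(self) -> None:
        super().__init__(("127.0.0.1", 0), CaptureHandler)  # port 0: pick a free one
        self.captured: list[dict] = []


def start_proxy() -> CapturingProxy:
    srv = CapturingProxy()
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def audit_request(req: dict) -> list[str]:
    """Return an empty list only if the request carries nothing but public data."""
    problems: list[str] = []
    if req["path"] != EXPECTED_PATH:
        problems.append(f"unexpected path {req['path']}")
    for name in sorted(CREDENTIAL_HEADERS & set(req["headers"])):
        problems.append(f"credential header {name} was sent")
    for key, value in req["body"].items():
        if key.lower() in SECRET_FIELD_NAMES:
            problems.append(f"secret-named field {key}")
        elif isinstance(value, str) and HEX_32_BYTES_RE.match(value):
            problems.append(f"field {key} is shaped like a 32-byte private key")
        elif isinstance(value, str) and len(value.split()) in (12, 15, 18, 21, 24):
            problems.append(f"field {key} is shaped like a BIP-39 seed phrase")
        elif key == "address" and not (isinstance(value, str) and EVM_ADDRESS_RE.match(value)):
            problems.append("address is not a 20-byte EVM address")
    return problems


def post_json(base_url: str, body: dict, headers: dict | None = None) -> dict:
    """Send the request an agent following SKILL.md would send."""
    req = Request(base_url + EXPECTED_PATH, data=json.dumps(body).encode(), method="POST",
                  headers={"Content-Type": "application/json", **(headers or {})})
    with urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    proxy = start_proxy()
    base = f"http://127.0.0.1:{proxy.server_address[1]}"
    print(f"CLAWDBOT_API_URL={base}")  # export this, then invoke the skill
    post_json(base, {"address": "0x" + "ab" * 20})  # constructed public address
    for captured in proxy.captured:
        print(captured["path"], audit_request(captured) or "only public data")
    proxy.shutdown()
```

In practice the script's own post_json call is replaced by invoking the skill with CLAWDBOT_API_URL set to the printed loopback address and a throwaway public wallet, which is guidance point (4) made observable. An empty audit list for every captured request is the evidence that only the address left the agent; any credential header the platform injects would show up here as well, which answers guidance point (2) without trusting the publisher's description.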
