ClawHub

Hyperliquid CLI (with HIP3 Support)

Security checks across malware telemetry and agentic risk

Overview

This trading skill appears purpose-aligned, but it gives agents real-money trading and sensitive account-data handling patterns without enough guardrails or warnings.

Install only if you are comfortable giving an agent access to real trading authority. Use a dedicated low-balance or restricted wallet where possible, avoid storing raw private keys in shell profiles or shared machines, review any global npm package before installing, and do not copy webhook or logging examples unless you trust the destination and have minimized/redacted account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The documentation includes a referral/fee-discount link unrelated to the core trading capability of the skill. In a high-risk financial context, adding an author-affiliated link can bias user guidance, create a conflict of interest, and steer users to external actions that are not necessary for safe operation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The example explicitly pipes live account position data to an arbitrary external webhook, creating a clear data-exfiltration path. Even if framed as integration guidance, position data is sensitive financial information and disclosing it to third parties without warning, scoping, or sanitization can expose holdings, strategy, and account activity.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill provides concrete commands for live market and leveraged trading, including market orders, leverage changes, and cancel-all actions, without prominent warnings that these actions can cause immediate and irreversible financial loss. Because this skill is explicitly designed for real trading on a DEX and references mainnet usage, the missing safeguards materially increase the chance of accidental or unsafe execution.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This documentation normalizes sending account position data to an external service without any privacy or disclosure warning. In a trading skill, such data can reveal portfolio composition and trading behavior, so omission of a warning materially increases the chance of unsafe use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to enter and locally store private keys for trading accounts in `~/.hyperliquid/accounts.db` but provides no warning about the sensitivity of those credentials, encryption expectations, filesystem permissions, or operational risks. In a trading skill with real-money market access, compromise of a private key can lead directly to unauthorized trades and loss of funds, so omission of secure-handling guidance is security-relevant rather than merely informational.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Documenting `HYPERLIQUID_PRIVATE_KEY` without any caution encourages users to place long-lived private keys in environment variables, which may be exposed via shell history, process inspection, crash dumps, CI logs, or inherited subprocess environments. Because this skill performs live trading, exposure of that variable could enable immediate account abuse and financial loss.

Ssd 3

Medium
Confidence
95% confidence
Finding
The integration guidance includes direct transmission of account positions to an external webhook, which is sensitive operational and financial data. Because this is presented as a normal example, users may copy it without considering disclosure, retention, or third-party access risks.

Ssd 3

Medium
Confidence
90% confidence
Finding
The logging example appends full account position JSON to a persistent local file, increasing the risk of long-term exposure through backups, shared systems, weak file permissions, or later compromise. Persistent financial logs can reveal positions, balances, and trading history beyond the immediate operational need.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal