Hyperliquid CLI (with HIP3 Support)
Status: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: hyperliquid-cli
Version: 1.0.3

The skill is designed for cryptocurrency and traditional asset trading, which inherently involves high-risk operations such as handling private keys. However, the skill transparently declares the need for `HYPERLIQUID_PRIVATE_KEY` and provides instructions for the AI agent in SKILL.md to guide the user through secure setup, including a reminder not to share private keys. While `npm install -g hyperliquid-cli` introduces a supply chain risk, it is a standard installation method. Example scripts in `examples.md` demonstrate shell and network operations (e.g., `curl` to a placeholder webhook), but these are presented as user-executed examples without malicious intent or specific harmful targets. There is no evidence of intentional harmful behavior, data exfiltration to malicious endpoints, or unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

The agent or copied scripts could place, cancel, or alter trades in ways that lose money or change risk exposure.
The examples include unattended order placement and a skip-confirmation cancel-all command; for a financial trading agent, these high-impact operations need clear user approval and scope limits.
Evidence:
    ### Automated Order Placement ... RESULT=$(hl order limit $SIDE $SIZE $COIN $PRICE --json) ... hl order cancel-all --coin BTC -y
Recommendation: Require explicit human confirmation for every live order, leverage change, and cancel-all action; use testnet or read-only mode unless the user has clearly approved a specific trade.

If the key is misused, exposed, or used by an over-eager agent, the user could suffer unauthorized or unintended trades.
A trading private key lets the CLI act on the user's Hyperliquid account; the artifacts do not clearly limit this authority or define approval boundaries for using it.
Evidence:
    env:
     - HYPERLIQUID_PRIVATE_KEY
    ... description: Private key for trading (hex string starting with 0x)
Recommendation: Use a dedicated API wallet with the minimum necessary permissions and funds, prefer read-only accounts for monitoring, and never share or log the private key.

The installed CLI package will run with the user's local permissions and handle trading credentials.
The skill depends on a globally installed external npm package, which is central to its purpose but was not included as reviewed code and is not version-pinned in the install instruction.
Evidence:
    install:
     - npm install -g hyperliquid-cli
Recommendation: Verify the npm package source, publisher, and version before installing; consider pinning a known-good version.

A background process may continue running and maintaining market-data connections after the immediate task.
The skill discloses a background server with persistent connections and provides a stop command, making it purpose-aligned but still persistent behavior users should notice.
Evidence:
    hl server start ... The server provides: Persistent WebSocket connections ... Stop when done: hl server stop
Recommendation: Start the server only when needed and stop it after trading or monitoring is complete.

Trading positions and portfolio data could be shared outside the local machine.
This user-directed example sends position data to an external webhook; it is purpose-aligned for monitoring but can disclose portfolio details if used with an untrusted endpoint.
Evidence:
    hl account positions --json | curl -X POST -d @- https://your-webhook.com/positions
Recommendation: Only send account data to webhooks or monitoring services you control and trust.
