Liquidskills

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Hyperliquid skill, but it includes live trading, transfer, withdrawal, deployment, and conflicting bridge guidance that can affect real funds if copied or automated.

Install only for users who intentionally want Hyperliquid development guidance and are prepared to supervise it. Treat every order, transfer, withdrawal, bridge, deployment, and cast/forge broadcast example as a real transaction unless proven otherwise; use testnet first, never give an agent a main wallet key, use limited API wallets, verify bridge direction and contract addresses from official sources, and require explicit human approval before any mainnet action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (17)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The bridge section gives mutually contradictory instructions about whether sending HYPE to the bridge address moves funds into HyperEVM or withdraws them back to HyperCore. In an architecture skill that users may rely on for implementation or operational fund movement, this can directly cause irreversible asset transfers to the wrong environment and operational loss.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill provides ready-to-use signed trading examples that can place live market and limit orders on mainnet, but it does not clearly warn that these actions can execute immediately with real funds. In an agent-skill context, this is risky because an agent may treat the examples as safe templates and trigger unintended trades or position changes without explicit user confirmation.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The account-management section includes withdrawal and transfer operations that can move assets between bridge/spot/subaccounts, yet it lacks an explicit warning that these actions are financially destructive or irreversible once submitted. In an AI-agent setting, exposing these calls as ordinary examples materially increases the chance of unauthorized or mistaken asset movement.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill describes concrete asset-moving bridge operations without prominent warnings about irreversible fund movement, address verification, environment selection, or testing with small amounts. In a financial infrastructure context, missing safety framing materially increases the chance that users execute risky actions based on incomplete guidance.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill includes ready-to-use swap examples that can move real assets but does not prominently warn that these actions are irreversible and financially risky. In an agent-skill context, users may copy or automate these snippets directly, increasing the chance of unintended live trades, slippage losses, or use against production wallets.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The vault and rebalance examples describe autonomous order placement and strategy execution without warning that automation can continuously place trades and accumulate losses. Because the examples frame the behavior as a reusable pattern, they may encourage unsupervised deployment of strategies involving leverage and market exposure without operator controls.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill includes examples that send user wallet addresses and account/trading state to a third-party API, but it does not warn that these requests disclose user-linked financial activity to an external service. In a data-indexing skill, this omission can cause developers to unknowingly build workflows that expose sensitive trading metadata or violate internal privacy expectations.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The Supabase example uses SUPABASE_SERVICE_KEY, which is a privileged secret capable of bypassing normal client restrictions, yet the skill gives no warning about keeping it server-side or out of logs and front-end code. Readers may copy this pattern directly into insecure contexts, leading to database compromise or unauthorized data access/modification.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes deployment configuration and commands that directly reference a live private key via environment variables without any safety warning about key handling, funded accounts, or secret management. In a copy-pasteable agent skill, this can normalize unsafe operational practices and lead users to expose or misuse signing credentials on real networks.

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The skill instructs users to run deployment commands with --broadcast and network-specific execution against HyperEVM testnet, but it does not clearly warn that these commands perform real signed transactions and consume funds. Because the content is presented as a practical how-to, users may execute it directly without recognizing that it writes to a live chain and can deploy unintended or unreviewed contracts.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The examples include live deployment and contract interaction commands that use a private key and target mainnet/testnet RPC endpoints, but they do not clearly warn that these commands sign and broadcast real transactions. In a developer-facing skill, omission of an explicit safety warning can lead users to unintentionally spend funds, deploy contracts, or perform irreversible on-chain actions.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The Python SDK example initializes against mainnet and demonstrates order placement and cancellation without any caution that these operations can execute real trades and affect positions or balances. Because these are financial actions rather than harmless reads, the missing warning materially increases the chance of accidental loss or unexpected market activity.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The TypeScript example constructs an account from a private key and submits an order through the exchange client on non-testnet configuration, but does not tell the user that this can place a live order. In a trading context, that omission can directly cause unintended financial exposure or losses.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The cast send example transmits a signed transaction using a private key, but the surrounding text does not explain that this may irreversibly transfer assets or invoke contract logic on a live network. Users may copy-paste the command assuming it is a harmless demo, which is especially risky in blockchain tooling documentation.

External Transmission

Medium

Category: Data Exfiltration
Content: json={'type': 'allMids'}).json() # Specific user's positions state = requests.post('https://api.hyperliquid.xyz/info', json={ 'type': 'clearinghouseState', 'user': '0xYourAddress' }).json()
Confidence: 78% confidence
Finding: requests.post('https://

External Transmission

Medium

Category: Data Exfiltration
Content: json={'type': 'allMids'}).json() # Specific user's positions state = requests.post('https://api.hyperliquid.xyz/info', json={ 'type': 'clearinghouseState', 'user': '0xYourAddress' }).json()
Confidence: 78% confidence
Finding: requests.post('https://api.hyperliquid.xyz/info', json=

External Transmission

Medium

Category: Data Exfiltration
Content: json={'type': 'allMids'}).json() # Specific user's positions state = requests.post('https://api.hyperliquid.xyz/info', json={ 'type': 'clearinghouseState', 'user': '0xYourAddress' }).json()
Confidence: 78% confidence
Finding: https://api.hyperliquid.xyz/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal