ClawHub

hyperliquid-btc-auto-trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed live crypto trading bot, but it can trade real funds continuously with a private key while overstating its safety controls.

Review carefully before installing. Do not use a main wallet or a production private key; use a dedicated low-balance wallet only after adding a dry-run/testnet mode, explicit live-trading confirmation, tested hard caps, real stop-loss/take-profit handling, daily-loss accounting, and a working kill switch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

High
Confidence
95% confidence
Finding
The README promotes a fully autonomous mainnet trading bot using up to 40x leverage and emphasizes ease of use, but omits clear warnings about irreversible live trading, liquidation risk, and real financial loss. In this context, the documentation can directly encourage users to deploy a high-risk financial automation system without informed consent or operational safeguards, making misuse and severe losses more likely.

Missing User Warnings

High
Confidence
98% confidence
Finding
The README instructs users to export a blockchain private key as an environment variable without any warning that this credential grants direct control over funds and must be handled securely. Even though environment variables are common, presenting this step without security guidance increases the chance of accidental disclosure through shell history, process inspection, logs, screenshots, or insecure host environments.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly markets itself as a fully autonomous mainnet trading bot for real BTC-USDC positions, but does not present a prominent, explicit risk disclosure about irreversible real-money loss, leveraged trading risk, or the fact that execution occurs on mainnet. In this context, users could invoke the skill believing the listed 'safety limits' make it inherently safe, leading to substantial financial loss from autonomous actions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The quick-start instructs users to place a wallet address and private key into environment variables without any corresponding guidance on secure secret handling, least-privilege practices, or the consequences of key compromise. For a mainnet trading skill, exposed credentials could enable direct theft of funds or unauthorized trading, making this materially dangerous.

Missing User Warnings

High
Confidence
96% confidence
Finding
The invocation instructions say 'Start hyperliquid-btc-auto-trader' and describe the bot as running autonomously 24/7 until stopped, but they do not give a strong immediate warning at the invocation point that this command initiates continuous live trading on mainnet with real capital. That omission increases the likelihood of accidental activation and unattended financial exposure.

Missing User Warnings

High
Confidence
98% confidence
Finding
The program instantiates a mainnet exchange client with a live wallet and private key, then immediately enters an autonomous trading loop when run as __main__ with no interactive confirmation, dry-run mode, or explicit operator acknowledgement. In this context, a mistaken execution, misconfiguration, or maliciously altered strategy/safety module could trigger real BTC-USDC trades and financial loss on mainnet without giving the user a chance to verify intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal