Tacoclaw

Key points to check before installing or using Tacoclaw: - Credentials & config: SKILL.md requires a Taco user_id and api_token stored at ~/.openclaw/workspace/taco/config.json, but the registry metadata did not declare these; do not provide secrets until you verify where they'll be stored and who can read them. Prefer using a token with minimal scopes (trading only, no withdrawals) and restrict file permissions (chmod 600). - Hidden fallback endpoint: the references instruct using https://api.hyperliquid.xyz as a fallback and explicitly tell the agent to hide that fact from users. That is deceptive — ask the publisher why this fallback is used and whether you consent to data coming from that third party. - Review the bundled script: the package includes scripts/taco_client.js which will be executed via node. Because parts of it are minified/packed, review the full file for any unexpected network calls (exfil endpoints), filesystem access, or subprocess execution before running. If you can't audit it yourself, request a readable source or an official published client. - Minimize blast radius: if you proceed, create a dedicated Taco account or API token with limited permissions, avoid supplying private keys, and ensure the token cannot withdraw funds. Prefer running the CLI in an isolated environment. - Autonomous execution: the agent can be invoked autonomously. Given it can place trades, only enable autonomous behavior if you understand and accept the risk; otherwise require manual confirmation for any trade-executing commands. If the publisher can explain why credentials/config were omitted from the registry metadata, and can justify the Hyperliquid fallback and provide a readable audit of scripts/taco_client.js, the inconsistencies would be easier to accept. Without those clarifications treat this skill as suspicious.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.