Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Decker + Hyperliquid
v1.1.0 · Use when the user asks about Hyperliquid DEX trading via Decker. Triggers: HL, 하이퍼리퀴드, DEX, 영구선물, HL 매수, HL 포지션, Hyperliquid 시세. Includes Safety Guidelines (posi...
by @gigshow
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious (medium confidence)

Purpose & Capability
The SKILL.md describes exactly the expected purpose (use Decker to view prices and place Hyperliquid DEX orders). Requiring the user to link Hyperliquid API keys in Decker is consistent with trading functionality. However, the instructions reference an OPENCLAW_SECRET and JWT usage for API calls even though the skill's manifest declares no required environment variables or primary credential — that mismatch is unexplained.
Instruction Scope
Runtime instructions tell the agent to build a GET request to DECKER_API_URL including openclaw_secret as a query parameter (openclaw_secret={OPENCLAW_SECRET}). Putting a secret in a URL query string can leak via logs/referrers and is a risky practice. The document also instructs users to generate and paste Hyperliquid private keys (0x... private keys) into Decker settings — instructing collection/storage of highly sensitive keys. The SKILL.md mentions JWTs for some operations but doesn't explain how those tokens are obtained/managed. Overall the instructions touch and transmit secrets without specifying secure handling.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. Nothing is downloaded or written by an install step.
Credentials
The skill uses OPENCLAW_SECRET in an API call but the manifest lists no required environment variables or primary credential. It also requires users to provide Hyperliquid private keys (sensitive secrets) in Decker settings, yet the skill does not declare or justify any environment/credential requirements. The presence of sensitive secrets without clear, declared handling is disproportionate and inconsistent.
Persistence & Privilege
always:false and no OS/config path requirements. The skill does not request persistent platform privileges. The only persistent effect described is instructing users to store API keys in Decker settings — that is external to this skill and not itself a platform privilege request.
What to consider before installing
This skill is coherent with its stated purpose (trading on Hyperliquid via Decker), but it references and transmits sensitive secrets in an unclear and potentially unsafe way. Before installing or using it, verify:
1) Where and how OPENCLAW_SECRET is provided and stored (why is it needed and why isn't it declared?), and avoid placing secrets in URL query strings;
2) How Decker stores Hyperliquid private keys (are they encrypted, is there an audit/log, is withdrawal disabled as claimed?), and prefer API-only wallets with no withdrawal permission;
3) How JWTs are obtained and refreshed and whether any tokens are sent to third parties;
4) That the decker skill this extends is official/trusted.
If you cannot confirm secure handling of secrets and storage practices, do not enable this skill or avoid using it for accounts holding substantial funds.
Latest version: vk975pn60kz2jtmaws9sway3zzd8322qb
