ClawHub

HyperX Data API

PassAudited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill Name: hyperx-data-api Version: 1.0.1 The skill bundle provides documentation and integration instructions for the HyperX Data API (data-api.hyperx.trade), which offers Hyperliquid wallet analytics, market data, and Twitter/news feeds. The content consists of standard API endpoint descriptions, authentication requirements, and benign Python code examples using common libraries like requests and websockets. No malicious patterns, data exfiltration, or prompt injection attempts were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

Using the skill may lead the agent or generated code to send wallet addresses, query parameters, or API requests to HyperX's external service.

Why it was flagged

The skill documents external API and WebSocket calls, including wallet-analysis and real-time stream endpoints. These calls are central to the stated API-building purpose and are openly disclosed.

Skill content
Base URL: `https://data-api.hyperx.trade` ... `GET`/`POST`/`WS` endpoints including `/wallet_analysis/{address}`, `/fills/{address}`, `/twitter/ws`
Recommendation

Use authenticated or wallet-specific endpoints only when you intend to share that request data with HyperX, and review generated code before running it.

NoteHigh Confidence
ASI03: Identity and Privilege Abuse
What this means

If you provide an API token or session cookie, the agent or generated app may be able to access authenticated HyperX account/API features allowed by that credential.

Why it was flagged

The skill documents use of HyperX API tokens and session cookies. This is expected for an API integration, but those credentials are sensitive and are not declared in the registry metadata.

Skill content
| API Token | `X-API-Key: <token>` | Login at [hyperx.trade](https://hyperx.trade) → Settings → API Token | ... | Cookie | HyperX session cookie | Login at [hyperx.trade](https://hyperx.trade) |
Recommendation

Prefer a scoped API token over a session cookie when possible, avoid pasting browser session cookies unless necessary, and revoke or rotate credentials if exposed.