Skill v1.0.0
ClawScan security
Hyperliquid Perps · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 6:19 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims live/perpetual trading on Hyperliquid but provides no code, no API endpoints, and requests no credentials — the implementation is missing or intentionally vague, which is inconsistent and potentially risky.
- Guidance: This skill is incomplete and inconsistent: it advertises automated trading but includes no code, no API endpoints, and requests no credentials. Do not rely on it for real or paper trading. Ask the author for a complete implementation that explicitly shows how it will authenticate to Hyperliquid, what RPC/API endpoints it will call, and any required environment variables or install steps. If you consider installing: (1) require a full code review or audited release (not just a SKILL.md), (2) do not provide real exchange API keys until you validate the implementation in a sandbox, and (3) prefer skills that declare exactly which credentials they need and why. Because the current package is just a placeholder/marketing stub, treat it as untrusted until the missing pieces are provided and reviewed.
Review Dimensions
- Purpose & Capability (concern): The name/description promise automated paper and live perpetual futures trading (with leverage, OBV divergence, auto-stop-loss). However the package contains only a short SKILL.md with no commands, no API endpoints, and no required credentials. Real trading integrations require API keys, endpoints, and explicit trade/permission mechanics — none are present, so the declared capability is not supported by the artifacts.
- Instruction Scope (concern): SKILL.md is effectively a short README/marketing blurb and a single vague usage line: "Use hyperliquid-perps to get started." It gives no runtime instructions (how to authenticate, where to send trade requests, how to simulate paper trading, how to set stop-loss), leaving the agent broad, unspecified discretion. That vagueness is scope creep and prevents safe evaluation.
- Install Mechanism (ok): There is no install spec and no code files — minimal disk/system impact. This is the lowest install risk, but it also means there's nothing to inspect; the security surface is entirely in the prose, which is incomplete.
- Credentials (concern): The skill declares no required environment variables or primary credential. For a trading skill this is disproportionate — legitimate trading integrations would require exchange API keys, signing credentials, or at least explicit instructions to obtain them. The absence could indicate a missing implementation or deliberate obfuscation.
- Persistence & Privilege (ok): The skill does not request persistent presence (always: false) and does not attempt to modify system or other skills' configs. Autonomous invocation is allowed (platform default) but that alone is not a red flag; combined with the other concerns it increases potential risk if a follow-up implementation is added later without review.
