Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hypii Hyperliquid Trader

v1.0.0

Hypii AI Trading Agent for Hyperliquid perpetual futures. Automated trading strategies with SkillPay micropayment integration. Features: - DCA (Dollar Cost A...

by JIAWEI YIN (@jarviyin)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code implements trading (Hyperliquid SDK), billing (SkillPay and x402) and strategy logic which matches the description. However the registry metadata claims no required environment variables while SKILL.md and the code clearly expect HYPERLIQUID_PRIVATE_KEY, SKILLPAY_API_KEY, and optional X402_* variables. That mismatch (metadata vs runtime requirements) is an incoherence buyers should notice.
Instruction Scope
SKILL.md instructs users to export private keys and API keys and to run node index.js commands — those are expected for a trading agent. The problem: multiple repository scripts (execute-trade.mjs, execute-trade-v2.mjs, final-trade.mjs, test-fixed.mjs, etc.) contain hard-coded PRIVATE_KEY constants and addresses and will perform live trades if executed. These embedded scripts extend runtime behavior beyond what a user might expect from the documented CLI (they can execute real trades using repository-embedded keys).
Install Mechanism
There is no custom install step beyond 'npm install' and dependencies come from the public npm registry (axios, hyperliquid, viem). No remote download/extract URLs or unusual install mechanisms were observed.
Credentials
Requesting a Hyperliquid private key and a SkillPay / x402 API key is proportionate to a trading+billing skill. However: (1) the registry lists no required env vars while SKILL.md and code require them; (2) the repository contains hard-coded private key strings and fixed addresses in multiple files — embedding private keys in source is a major security red flag (leakage risk, unknown ownership of the keys, potential for funds to be moved).
Persistence & Privilege
The skill is not always-on and does not declare elevated platform privileges. It does perform billing and trade operations when invoked but does not modify other skills or agent configs. Note: autonomous invocation is allowed by default — combined with the other concerns this increases blast radius if the skill is given permission to act.
Scan Findings in Context
[hardcoded-private-key-in-scripts] unexpected: Multiple files contain literal private key constants (e.g., execute-trade.mjs, execute-trade-v2.mjs, final-trade.mjs). Hard-coded keys are not expected for a third-party skill and are a severe security issue (ownership and intent unknown).
[hardcoded-wallet-addresses] unexpected: Several addresses are embedded as defaults (e.g., X402_RECIPIENT_ADDRESS and addresses in check-balance.mjs). Using fixed recipient addresses in payment/billing flows could redirect user payments to third-party wallets.
[dev-mode-billing-simulated] expected: SkillPay and x402 libs include explicit dev-mode behavior when API keys/private keys are not set. Dev-mode logging and simulated 'paid: true' behavior is present and explained in docs; that is expected in development but should not be used for production billing.
[metadata-env-inconsistency] unexpected: Registry metadata reports no required environment variables while SKILL.md and index.js require SKILLPAY_API_KEY, HYPERLIQUID_PRIVATE_KEY, and X402_* variables. This mismatch is unexpected and reduces trust.
What to consider before installing
This package implements a live trading agent and billing; do NOT run it with real private keys or real funds as-is. Specific actions to consider before installing or running:
1) Do not set HYPERLIQUID_PRIVATE_KEY, X402_PRIVATE_KEY, or SKILLPAY_API_KEY in a shell with real funds until you review and sanitize the code.
2) Inspect and remove or rotate any hard-coded private keys or addresses present in the repository; treat them as compromised.
3) Run everything first on a testnet with HYPERLIQUID_TESTNET=1 and with a throwaway wallet.
4) Avoid executing the scripts named execute-trade*.mjs, final-trade.mjs, or any test-*.mjs files unless you understand and control the wallet keys they use.
5) Confirm the payment recipient addresses (X402_RECIPIENT_ADDRESS) and SkillPay endpoints are what you expect; don't pay until verified.
6) Prefer to provide private keys via secure vaults/secret managers and use read-only operations where possible.
7) If you are not comfortable auditing Node.js code, do not install this skill with funds under your control, or ask a trusted developer/security reviewer to audit and clean the repo first.



