Hypii Hyperliquid Trader

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This trading skill can place real crypto futures trades and includes under-declared private-key use, hardcoded key material, and misleading random “AI” signals.

Do not use this with a funded wallet unless you have independently reviewed the code. Prefer testnet or a dedicated low-balance trading wallet, rotate any exposed keys, require explicit trade confirmations, and do not rely on the advertised AI signals until the implementation is corrected.

Static analysis

Env credential access
Severity: Critical
Finding: Environment variable access combined with network send.

Exposed secret literal (reported 10 times, once per affected file)
Severity: Critical
Finding: File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users may install a skill without realizing it expects credentials capable of controlling a funded trading account.

Why it was flagged

The registry credential contract says no credentials are needed, while the skill documentation and code require private keys and payment API credentials for trading and billing.

Skill content
Required env vars: none; Env var declarations: none; Primary credential: none
Recommendation

Declare all sensitive credentials in metadata, separate read-only and trading modes, and clearly warn users before any private key is used.

What this means

An exposed private key can allow unauthorized trading or loss of funds, and users may copy an unsafe credential-handling pattern.

Why it was flagged

A published runnable script embeds a private-key literal and uses it to execute a real trade; similar hardcoded private-key findings appear across several trade/test files.

Skill content
const PRIVATE_KEY = '0xd6b7...b02e'; ... const result = await trader.executeTrade('BTC', 'buy', 0.0001); ... executeRealTrade();
Recommendation

Remove hardcoded keys, rotate any exposed wallets, keep live-trade test scripts out of the published package, and require keys only via secure user-controlled configuration.

What this means

A mistaken or overbroad agent invocation could open or increase leveraged futures positions and cause financial loss.

Why it was flagged

The main skill can place live buy/sell orders with user-supplied size and side, and the artifacts do not show a mandatory confirmation or hard safety cap before submitting the order.

Skill content
await sdk.exchange.placeOrder({ coin: normalizedCoin, is_buy: isBuy, sz: parseFloat(size), limit_px: slippagePrice, order_type: { limit: { tif: 'Ioc' } }, reduce_only: false })
Recommendation

Add explicit per-order user confirmation, testnet/dry-run defaults, max notional and leverage limits, and safer reduce-only options.

What this means

Users could trust fabricated trading signals and make real financial decisions based on random output.

Why it was flagged

The skill advertises paid AI trading signals, but the implementation chooses a random direction and confidence while presenting it as market analysis.

Skill content
const signals = ['bullish', 'bearish', 'neutral']; const randomSignal = signals[Math.floor(Math.random() * signals.length)]; const confidence = Math.floor(Math.random() * 30) + 60;
Recommendation

Label this as demo/random output or replace it with transparent, data-backed analysis before offering it as AI trading advice.

What this means

SkillPay can receive user identifiers and charge details for paid calls.

Why it was flagged

The skill sends user billing data and an API key to the external SkillPay service, which is expected for the disclosed payment feature but still sensitive.

Skill content
fetch(`${this.baseUrl}/billing/charge`, { ... 'Authorization': `Bearer ${this.apiKey}`, body: JSON.stringify({ user_id: userId, amount: amount, currency: 'USDT' }) })
Recommendation

Use only if you trust the billing provider and verify which identifiers and payment credentials are being shared.