hyperliquid-trading-agent

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and not deceptive, but it can drive live leveraged trading without enough explicit user-confirmation and loss-risk boundaries.

Install only if you intend to let an agent interact with a Hyperliquid trading account. Use paper trading or dry-run first, require explicit confirmation for every live order or position change, set tight exchange-side limits, and ensure you can revoke the authenticated session immediately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium, 95% confidence
Finding
The manifest clearly describes an authenticated trading execution skill that can place live orders using a host-provided authenticated client, yet it does not prominently warn that use may affect real funds or open leveraged positions. In an agent-automation context, missing consent and safety disclosure increases the risk of unintended live trading, especially because the inputs and outputs are structured for direct execution rather than simulation.

Missing User Warnings

Medium, 93% confidence
Finding
The skill describes live trade execution, leverage, and risk-management behavior but does not prominently warn that it can drive real-money transactions with possible partial or total loss. In an agent setting, missing this warning can cause unsafe deployment assumptions and reduce operator scrutiny before enabling autonomous trading against a funded account.

VirusTotal

64/64 vendors flagged this skill as clean.
