vibetrading-ai-trading-code-generator
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent for trading-code generation, but its templates can run live Hyperliquid bots that place and cancel real orders using exchange credentials without a clear dry-run default or install-time credential warning.
Review the generated strategy code before running it. Use Hyperliquid testnet or dry-run mode first, set strict position and loss limits, use scoped credentials if available, and do not run the bot unattended until you understand exactly which orders it can place or cancel.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running a generated strategy could cancel open orders and submit real trades with financial consequences.
The generated grid strategy initializes the Hyperliquid client for mainnet by default, cancels existing orders, and places buy/sell orders once the strategy is run.
testnet=False # Set to True for testnet ... self.cancel_all_orders() ... self.client.place_order(
Default generated strategies to testnet or dry-run, require explicit user confirmation before live trading, and restrict cancellation to orders created by that strategy.
Users may not realize before installation that the generated code needs credentials capable of acting on a trading account.
Generated/default strategy code expects exchange credentials and an account address, but the registry metadata lists no required env vars or primary credential.
api_key = os.getenv("HYPERLIQUID_API_KEY")
account_address = os.getenv("HYPERLIQUID_ACCOUNT_ADDRESS")Declare Hyperliquid credential requirements in metadata, document required API permissions, and advise users to use scoped/testnet keys where possible.
A strategy may keep operating and making decisions until it is manually stopped.
The default generated strategy template is designed as a continuous loop, which is normal for trading bots but creates ongoing autonomous activity after launch.
while True:
self._execute_trading_logic()
time.sleep(60)Run generated bots in a controlled environment with stop conditions, monitoring, small position limits, and a clear shutdown procedure.
If a generated or user-supplied file has unsafe module-level code, validation/import checks could trigger it.
The validator runs Python subprocess checks and imports the generated module; this is purpose-aligned for code validation, but it is still execution-adjacent behavior.
subprocess.run([self.python_executable, "-m", "py_compile", str(filepath)] ... ) ... import {module_name}Review generated files first and run validation inside an isolated environment, especially before giving the code live exchange credentials.