AI Agent Trading on DEX
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed Superior Trade integration for backtests and live trading; it is coherent, but it can control real-money trading through an API key.
Install only if you intend to let an agent manage Superior Trade backtests and deployments. Treat the API key as financial authority, never share wallet private keys or seed phrases, backtest strategies before live use, and confirm live deployments only after reviewing the trading parameters.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken confirmation or poorly configured strategy could place real trades and lose deposited funds.
The skill can trigger a high-impact live trading action, but the visible instructions require explicit user confirmation for that action.
userConfirmationRequired: ... action: deployment_start ... reason: "Starts live trading with real funds"
Backtest first, review the deployment summary carefully, and only confirm live trading when you understand the stake, pairs, stoploss, margin mode, and risk.
Anyone or any agent with access to this API key could manage your Superior Trade deployments and potentially start trades, though the skill states it cannot withdraw funds or export private keys.
The required API key grants delegated account authority over backtests, deployments, and live trading, which is expected for the skill but sensitive.
scope: "Read-write the user's own backtests and deployments. Can start live trading deployments that execute real trades..."
Store the API key only in a trusted credential manager, revoke or rotate it if exposed, and use this skill only with agents you trust for financial actions.
Balance checks may reveal or confirm your public wallet address to the referenced external API.
The skill discloses an external provider data flow to Hyperliquid; the address is public on-chain, but sharing it is still privacy-relevant.
Balance checks send the user's public wallet address ... No authentication or secrets are sent to this endpoint.
Do not provide private keys or seed phrases, and be comfortable with the public wallet address being used for balance checks.