Claw Trader Lite

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a read-only market monitor, but users should notice the optional wallet-address lookup, manual dependency install, and external upgrade prompt.

This looks safe for read-only price monitoring. Before installing, confirm you trust the source, install the requests package from a trusted package index, only set HYPERLIQUID_ACCOUNT_ADDRESS if you are comfortable exposing that wallet’s balance and positions to the agent/API call, and ignore the Claw Pro bot prompt unless independently verified.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you set this environment variable, the agent can query balances and open positions for that wallet address.

Why it was flagged

The skill reads a Hyperliquid account address from the environment and sends it to Hyperliquid to fetch balance and position state. This is purpose-aligned and disclosed, but it is still financial account-identifying data.

Skill content

account_address = os.getenv("HYPERLIQUID_ACCOUNT_ADDRESS") ... json={"type": "clearinghouseState", "user": account_address}

Recommendation

Only set a wallet address you are comfortable monitoring, and do not provide private keys, seed phrases, or trading API secrets.

What this means

Manual dependency installation can introduce supply-chain risk if performed from an untrusted package index or environment.

Why it was flagged

The skill documents a manual Python package installation, while the registry has no install spec. The dependency is expected for HTTP API calls, but users should install it from a trusted source.

Skill content

pip install requests

Recommendation

Install dependencies only from trusted sources and consider pinning versions in controlled environments.

What this means

A user running the script may be encouraged to contact an external bot for a trading-capable product, which could involve financial risk.

Why it was flagged

The script prints an external upgrade/contact prompt for live trading execution, which is outside the lite read-only functionality and is not otherwise validated by the supplied artifacts.

Skill content

print("⚠️ For live execution, upgrade to Claw Pro") ... print("   Message @Opennnclawww_bot with 'buy'")

Recommendation

Do not treat the external bot or any paid/trading upgrade as vetted by this review; independently verify it before contacting or paying.