Skill v3.2.4

ClawScan security

Aicoin Hyperliquid · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 4:43 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill matches its stated Hyperliquid data purpose and calls AiCoin APIs, but it reads local .env files from several locations, ships a built-in key/secret pair, and does not declare the secret env var in its registry metadata. These inconsistencies merit caution before installing.
Guidance
Before installing:
1) Verify you are comfortable with the skill reading .env files from your workspace and ~/.openclaw; remove or move any unrelated secrets from those files.
2) The skill accepts (and prefers) both AICOIN_ACCESS_KEY_ID and AICOIN_ACCESS_SECRET, but the registry metadata only lists the key; plan to provide both in a local .env if you want paid-tier data.
3) The repo ships a built-in free-tier key/secret in defaults.json; treat it as demo only and replace it with your own key if needed.
4) Confirm the source (https://github.com/aicoincom/coinos-skills) and review the code yourself if you store other sensitive values in OpenClaw .env locations.
5) If you need stronger isolation, run the skill in a dedicated environment (separate workspace or container) so that reading .env cannot surface unrelated credentials.

Review Dimensions

Purpose & Capability
ok · Name, description, and shipped scripts align: the code calls AiCoin Hyperliquid API endpoints and provides CLI actions for whales, liquidations, OI, and trader analytics. Requiring the node binary is appropriate. Minor bookkeeping mismatches exist (package.json and SKILL.md versions differ from registry metadata) but do not change capability.
Instruction Scope
concern · SKILL.md mandates running the included node scripts (good) and forbids using curl/web_fetch/browser. However, the shipped library auto-loads .env files from multiple locations (cwd, ~/.openclaw/workspace/.env, ~/.openclaw/.env) and sets every key it finds into process.env. That means the skill reads arbitrary key/value pairs from those files, not just the AICOIN keys. The code does not appear to exfiltrate those values, but the behavior expands scope beyond "AiCoin keys only" and can expose unrelated local secrets to the skill's runtime environment, where any later bug or dependency change could reach them.
Install Mechanism
ok · No install spec is provided (instruction-only style), and the included files are executed by the local node binary. No downloads from external, untrusted URLs and no archive extraction are present. This is lower risk than code that fetches and installs arbitrary binaries.
Credentials
concern · Registry metadata shows no required env vars but sets primaryEnv=AICOIN_ACCESS_KEY_ID. The SKILL.md and code use both AICOIN_ACCESS_KEY_ID and AICOIN_ACCESS_SECRET; AICOIN_ACCESS_SECRET is not declared in the metadata. The package includes defaults.json with a built-in accessKeyId/accessSecret (a public free-tier key), so the skill can silently fall back to a credential the user never configured. A shipped secret combined with auto-loading multiple .env files (which may hold other credentials) is disproportionate for a read-only market-data skill and should be reviewed by the user.
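As an added example (not code from the skill or from ClawHub), the following JavaScript contrasts the broad .env loading described above with an allowlisted loader that only imports AICOIN keys, never overwrites an existing value, and reports what it skipped. It also shows a credential resolver that flags when a shipped default key is in use. The function names, the three candidate paths, the AICOIN_ allowlist, the sample file contents and the stand-in defaults.json values are all assumptions made for illustration.

```javascript
// Minimal dotenv parser: KEY=VALUE lines, '#' comments, optional quotes.
function parseDotenv(text) {
  const out = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    if ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'"))) {
      value = value.slice(1, -1);
    }
    out[key] = value;
  }
  return out;
}

// The three locations the review says the shipped library searches (POSIX paths).
function candidateEnvPaths(cwd, home) {
  return [`${cwd}/.env`, `${home}/.openclaw/workspace/.env`, `${home}/.openclaw/.env`];
}

// Broad behaviour (what the review describes): every key from every file lands
// in the target environment, later files overwriting earlier ones. `readFile`
// is injected so the example runs offline against constructed contents.
function loadAllKeys(paths, readFile, target) {
  for (const p of paths) {
    const text = readFile(p);
    if (text === null) continue;
    Object.assign(target, parseDotenv(text));
  }
  return target;
}

// Narrow behaviour: only allowlisted keys are imported, the first definition
// wins, and everything else is reported instead of loaded.
function loadAllowedKeys(paths, readFile, target, allowlist) {
  const allowed = new Set(allowlist);
  const report = { loaded: [], skipped: [], kept: [] };
  for (const p of paths) {
    const text = readFile(p);
    if (text === null) continue;
    for (const [key, value] of Object.entries(parseDotenv(text))) {
      if (!allowed.has(key)) { report.skipped.push(key); continue; }
      if (key in target) { report.kept.push(key); continue; }
      target[key] = value;
      report.loaded.push(key);
    }
  }
  return report;
}

// Credential resolution that makes the fallback to a shipped default visible.
function resolveCredentials(env, defaults) {
  const accessKeyId = env.AICOIN_ACCESS_KEY_ID || defaults.accessKeyId;
  const accessSecret = env.AICOIN_ACCESS_SECRET || defaults.accessSecret;
  const usingShippedDefault =
    accessKeyId === defaults.accessKeyId || accessSecret === defaults.accessSecret;
  return { accessKeyId, accessSecret, usingShippedDefault };
}

// Constructed sample files: the ~/.openclaw files hold secrets unrelated to AiCoin.
const SAMPLE_FILES = {
  "/work/.env": "AICOIN_ACCESS_KEY_ID=ak_user\n# comment\nAICOIN_ACCESS_SECRET='s3cret'\n",
  "/home/u/.openclaw/workspace/.env": "OPENAI_API_KEY=sk-unrelated\nAICOIN_ACCESS_KEY_ID=ak_other\n",
  "/home/u/.openclaw/.env": "GITHUB_TOKEN=ghp_unrelated\n",
};
const readSample = (p) => (p in SAMPLE_FILES ? SAMPLE_FILES[p] : null);
const SAMPLE_PATHS = candidateEnvPaths("/work", "/home/u");
const AICOIN_KEYS = ["AICOIN_ACCESS_KEY_ID", "AICOIN_ACCESS_SECRET"];
// Hypothetical stand-in for the values a shipped defaults.json might carry.
const DEMO_DEFAULTS = { accessKeyId: "demo-key", accessSecret: "demo-secret" };

function demo() {
  const broad = loadAllKeys(SAMPLE_PATHS, readSample, {});
  const narrowEnv = {};
  const report = loadAllowedKeys(SAMPLE_PATHS, readSample, narrowEnv, AICOIN_KEYS);
  return {
    broad,                                                   // 4 keys, incl. unrelated secrets
    narrowEnv,                                               // only the 2 AICOIN keys
    report,                                                  // what was skipped / kept
    creds: resolveCredentials(narrowEnv, DEMO_DEFAULTS),     // user key, not the demo key
    demoCreds: resolveCredentials({}, DEMO_DEFAULTS),        // silent fallback made explicit
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Running demo() shows the difference concretely: the broad loader pulls OPENAI_API_KEY and GITHUB_TOKEN into the environment and lets the workspace file overwrite the user's key, while the allowlisted loader imports only the two AICOIN variables and reports the rest. The usingShippedDefault flag is the check a practitioner would want before trusting a request made with defaults.json credentials.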
Persistence & Privilege
ok · Skill is not always-on, is user-invocable, and does not request platform-wide persistence. It does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but is not combined with other high privileges.