Shekel Arena
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is upfront about automatic copy-trading, but its mirror script builds shell commands from dynamic signal text, creating a real command-execution risk while handling trading credentials.
Review this skill carefully before installing. Only use it with a dedicated low-balance Arena trading wallet, and avoid enabling forum signal posting until the shell-command construction in mirror.ts is patched. If you proceed, review the external repositories, protect the .env file, and make sure you know how to disable the cron job to stop automated trading.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or poisoned signal/reasoning string could cause local shell commands to run under the user's account, potentially exposing local files or trading secrets.
The script interpolates dynamic title/content and environment-derived IDs into a shell command string, with the only sanitisation being the replacement of double quotes by single quotes. Other shell metacharacters, such as command substitutions, can still be interpreted by the shell when forum posting is enabled.
const cmd = `bash ${__dirname}/../scripts/dgclaw.sh create-post ${ARENA_AGENT_ID} ${SIGNALS_THREAD_ID} "${title.replace(/"/g, "'")}" "${content.replace(/"/g, "'")}"`;
...
execSync(cmd, { cwd: path.join(__dirname, ".."), encoding: "utf8", timeout: 15000 });

Do not enable forum posting until this is fixed. Replace execSync shell strings with execFile/spawn using argument arrays, strictly validate IDs, and treat signal text as data only.
The skill can trade with the funded Arena account, so mistakes or automation failures can lose funds even if withdrawals are not possible.
The skill needs a private trading key and API credentials to place and close trades. This is disclosed and purpose-aligned, but it is still high-impact delegated authority.
`HL_API_WALLET_KEY`: "Hyperliquid API wallet private key... Trading-only — cannot withdraw funds."
Use a dedicated trading-only wallet, fund only the amount you are willing to risk, keep the .env file private, and rotate keys if exposed.
Trades can continue every few minutes without per-trade approval until the cron job or script is disabled.
The skill intentionally creates persistent automated trading behavior. It is disclosed, but users need to understand it continues after setup.
Sets up an ACP Arena agent that shadow-trades the user's Shekel agent automatically via a mirror script and cron job.
Only install if you want continuous automated copy-trading, and document how to stop or remove the cron job before enabling it.
Upstream repository or dependency changes could affect the code that handles wallet setup and trading.
The setup uses external repositories and package installs without pinned commits in the instructions. This is expected for the integration, but it affects code provenance.
git clone https://github.com/Virtual-Protocol/acp-cli.git ~/acp-cli
...
npm install
...
git clone https://github.com/Virtual-Protocol/dgclaw-skill.git ~/dgclaw-skill
...
npm install
Review the cloned repositories, prefer pinned commits or releases, and avoid running updated code with trading keys without checking changes.
