Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ZERO Trading
v2.1.0
trading agent for hyperliquid via zero. evaluates markets through 9 intelligence layers. rejects 97% of setups. the 3% that pass become trades.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (ZERO trading via Zero engine) aligns with the actions described: it needs network access to api.getzero.dev and provides many trading-related tool calls. That part is coherent. However the skill also relies on local agents/infra (local Ollama for layer 8, bus/*.json files such as timeframe_signals.json and layer_weights.json, and writing MCP config files), which goes beyond a purely remote trading integration and should be expected only if the operator runs Zero's local components. The top-level SKILL metadata lists network permission but omits filesystem permission even though sub-skills require it.
Instruction Scope
SKILL.md and the sub-skills instruct the agent to locate and modify user config files (e.g. ~/.openclaw/openclaw.json, ~/.openclaw/mcp.json, ~/.config/mcp/servers.json), create files if missing, overwrite existing 'zero' MCP entries, restart the gateway (openclaw mcp restart), and call multiple remote tools. It also references reading/writing local bus files and using a local Ollama model. These instructions give the skill the ability to change your agent configuration and to run or prompt running local setup scripts (README and join/ suggest running setup.sh when config is read-only). The scope includes proactive pushes/unprompted daily briefs and alerts (agent should push updates unprompted). All of this is functionally relevant to a trading agent but expands the trust surface and the impact of errors or malicious config changes.
Install Mechanism
There is no install spec (instruction-only), which reduces automatic installation risk. However the package includes two executable-looking files (scripts/setup.sh and scripts/validate_skills.py). The documentation explicitly points operators to run setup.sh in some error cases and to copy the skill folder into ~/.openclaw/skills — so there is a chance an operator or the agent (per instructions) may execute shipped scripts. Because there is no controlled install mechanism that validates those scripts, inspect them before running. No remote binary downloads are specified.
Credentials
The skill declares no required environment variables or primary credential, which superficially reduces secret risk. Yet the runtime instructions expect the agent to edit MCP configuration and to interact with tools that may require tokens or plan-level authentication later (the error matrix mentions 401/403 and 'missing token'). The skill also references local services (Ollama, cross_timeframe_agent) and local file paths for layer weights and timeframe signals that are not declared in requires.config or requires.env. Asking to overwrite the user's MCP config entry (including overwriting an existing 'zero' entry) is a sensitive filesystem/credential-adjacent operation and should be considered high-impact.
Persistence & Privilege
The skill is not marked always:true (good). However the join sub-skill instructs writing persistent agent config (adding/overwriting an mcpServers entry) and restarting the gateway — this grants the skill persistent capability to register remote MCP endpoints that will be used by the agent thereafter. The top-level metadata did not advertise filesystem permission even though a sub-skill needs it (inconsistency). Modifying agent configuration and auto-registering an external MCP server is a powerful action and should only be allowed after operator review/consent.
What to consider before installing
This skill broadly behaves like a trading integration (network calls to api.getzero.dev and many remote tools), but it also asks the agent to modify your OpenClaw/MCP configuration and references local files and a local LLM. Before installing or running it:
1) Inspect the shipped scripts (scripts/setup.sh and scripts/validate_skills.py) — do not run them until you review their actions.
2) Back up your OpenClaw config (~/.openclaw/openclaw.json, ~/.openclaw/mcp.json, ~/.config/mcp/servers.json) so a bad write can be reverted.
3) Confirm you are comfortable that the skill may add/overwrite a 'zero' MCP server entry and that the endpoint (https://api.getzero.dev/mcp) is expected.
4) If you won't run local components (Ollama/cross-timeframe agent), expect some features to auto-pass or be unavailable; ask the developer which parts require local services.
5) Prefer running initial trials in paper mode only and keep the skill's proactive pushes restricted until you audit its behavior.
6) Ask the publisher for a signed release or to show the contents of setup.sh/validate_skills.py if you lack the expertise to audit them yourself.
Like a lobster shell, security has layers — review code before you run it.
Tags: autonomous-agent, crypto, hyperliquid, latest, mcp, trading
Runtime requirements
⚡ Clawdis
