Open-broker
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Hyperliquid trading skill, but it gives an unreviewed npm CLI wallet-key access to place, cancel, and automate trades without visible limits.
Treat this as a high-risk financial integration. Before installing, verify the npm package identity, use a limited wallet with only funds you can risk, confirm builder-fee terms, run automations in dry-run mode first, and require explicit approval for every real trade.
VirusTotal
All 64 vendors reported this skill as clean (0/64 detections).
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the private key or the tool's behavior is mishandled, real funds or positions could be affected.
The skill requires a Hyperliquid private key, which is sensitive account authority for trading. The visible artifacts do not show scoped permissions, limited keys, or trade-size restrictions.
"requires": {"bins": ["openbroker"], "env": ["HYPERLIQUID_PRIVATE_KEY"]}, "primaryEnv": "HYPERLIQUID_PRIVATE_KEY"
Use only an isolated wallet or subaccount with limited funds, rotate the key if it is ever exposed, and require explicit confirmation for every trade.
The agent could place, cancel, or automate orders that change financial exposure.
The allowed tools include many account-mutating trading operations and a broad CLI fallback. These are aligned with the skill purpose, but the visible instructions do not show user-approval or containment safeguards for high-impact financial actions.
allowed-tools: ... ob_buy ob_sell ob_limit ob_trigger ob_tpsl ob_cancel ... ob_twap ... ob_bracket ob_chase ... Bash(openbroker:*)
Only install if you are comfortable with agent-assisted trading; set operational limits outside the skill and review every proposed order before execution.
Automations may continue monitoring or trading after the initial request if not carefully controlled.
The skill supports background monitoring and custom trading automations. This is disclosed and purpose-aligned, but it creates persistent/autonomous behavior with financial impact and the visible artifacts do not clearly state runtime limits or stop conditions.
background position monitoring and custom automations ... run trading strategies, and write event-driven automation scripts
Use dry-run mode first, inspect any automation script, define explicit stop conditions, and verify `auto_stop`/status behavior before using real funds.
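The two findings above (account-mutating tools with a broad CLI fallback, and automations with no stated stop conditions) both come down to containment that the skill itself does not provide. The gate below is an added illustration of what "set operational limits outside the skill and require approval for every real trade" looks like in code; it is not part of the skill, openbroker, or ClawScan. The tool names are the ones listed in the skill's allowed-tools; the argument keys (symbol, size, price, duration_s, stop), the choice of which tools count as long-running automations, and the "read-only" treatment of any tool not in the mutating set are assumptions for illustration.

```python
"""Pre-execution approval gate for agent tool calls into the openbroker CLI.

Added example, not code from the skill or from openbroker. Tool names come from
the skill's allowed-tools list; argument keys and the automation/read-only
classification are assumptions for illustration.
"""
from dataclasses import dataclass

# Account-mutating tools from the skill's allowed-tools (subset shown on the page).
MUTATING_TOOLS = frozenset({
    "ob_buy", "ob_sell", "ob_limit", "ob_trigger", "ob_tpsl",
    "ob_cancel", "ob_twap", "ob_bracket", "ob_chase",
})
# Tools that keep acting after the call returns (assumed from their names).
AUTOMATION_TOOLS = frozenset({"ob_twap", "ob_chase"})


@dataclass
class Policy:
    max_notional_usd: float          # hard per-order cap, enforced outside the skill
    allowed_symbols: frozenset       # markets the agent may touch at all
    dry_run: bool = True             # simulate first; flip only after review
    max_automation_s: int = 3600     # every automation needs a stop condition and a deadline


@dataclass
class Verdict:
    allowed: bool
    reason: str
    needs_approval: bool = False


def evaluate(policy: Policy, tool: str, args: dict, approved: bool = False) -> Verdict:
    """Decide whether one proposed tool call may reach the real CLI."""
    # The broad Bash(openbroker:*) fallback bypasses every typed check below, so refuse it here.
    if tool == "Bash":
        return Verdict(False, "raw openbroker shell invocation is not permitted through the gate")
    if tool not in MUTATING_TOOLS:
        return Verdict(True, "read-only tool")  # e.g. a position or balance query (assumed)

    symbol = args.get("symbol")
    if symbol not in policy.allowed_symbols:
        return Verdict(False, f"symbol {symbol!r} not in allow-list")

    if tool != "ob_cancel":  # cancels only reduce exposure; no size check needed
        try:
            notional = float(args["size"]) * float(args["price"])
        except (KeyError, TypeError, ValueError):
            return Verdict(False, "order must carry explicit size and price")
        if notional > policy.max_notional_usd:
            return Verdict(False, f"notional {notional:.2f} exceeds cap {policy.max_notional_usd:.2f}")

    if tool in AUTOMATION_TOOLS:
        duration = args.get("duration_s")
        if not args.get("stop") or duration is None or duration > policy.max_automation_s:
            return Verdict(False, "automation needs a stop condition and a bounded duration")

    if policy.dry_run:
        return Verdict(True, "dry-run: logged, not sent")
    if not approved:
        return Verdict(False, "real trade: explicit user approval required", needs_approval=True)
    return Verdict(True, "approved real trade")


if __name__ == "__main__":
    live = Policy(max_notional_usd=500.0, allowed_symbols=frozenset({"ETH"}), dry_run=False)
    for call in (
        ("ob_buy", {"symbol": "ETH", "size": 0.1, "price": 3000}),
        ("ob_buy", {"symbol": "ETH", "size": 1, "price": 3000}),
        ("ob_twap", {"symbol": "ETH", "size": 0.1, "price": 3000}),
        ("Bash", {"command": "openbroker buy ETH 1"}),
    ):
        print(call[0], evaluate(live, *call))
```

The gate is deliberately default-deny for the `Bash(openbroker:*)` fallback: a typed allow-list of trading tools means nothing if the agent can reach the same CLI through a shell string that none of the checks parse. Run with `dry_run=True` first and only switch to live once every verdict you see matches what you expected.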
Installing the wrong or changed package could expose wallet credentials or execute unintended trading behavior.
The skill metadata and install instructions refer to different npm package names, and the provided scan includes no runtime code for review. For a tool that handles a trading private key, package identity and provenance are important.
"package": "openbroker-plugin" ... ## Installation ... npm install -g openbroker
Verify the exact npm package, publisher, version, integrity, and source repository before installation; prefer a pinned, reviewed version.
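The package-identity finding is mechanical enough to check before anything is installed. The script below is an added example, not ClawScan, openbroker, or skill code: it parses the `"package"` field from the skill metadata and the first `npm install` line from the install instructions, reports a name mismatch or an unpinned install, and prints the `npm view` / `npm pack --dry-run` commands a reviewer would then run online. The two artifact strings are constructed to mirror the snippets quoted above.

```python
"""Cross-check the npm package a skill declares against the one its README installs.

Added example, not code from the skill, ClawScan or openbroker. METADATA and
INSTALL_MD are constructed inputs mirroring the artifacts quoted in the review.
"""
import json
import re
from typing import List, Optional, Tuple

METADATA = '{"package": "openbroker-plugin", "primaryEnv": "HYPERLIQUID_PRIVATE_KEY"}'  # constructed
INSTALL_MD = "## Installation\n\nnpm install -g openbroker\n"  # constructed

INSTALL_LINE_RE = re.compile(r"\s*npm\s+(?:install|i|add)\b(.*)")
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")  # exact semver only; tags and ranges do not count as pinned


def parse_install_spec(markdown: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (name, version_or_None) from the first `npm install` line, or None if there is none."""
    for line in markdown.splitlines():
        m = INSTALL_LINE_RE.match(line)
        if not m:
            continue
        tokens = [t for t in m.group(1).split() if not t.startswith("-")]  # drop -g / --global etc.
        if not tokens:
            continue
        spec = tokens[0]
        # A scoped name starts with '@', so only an '@' past index 0 separates name from version.
        at = spec.rfind("@")
        if at > 0:
            return spec[:at], spec[at + 1:]
        return spec, None
    return None


def check_package_identity(metadata_json: str, install_md: str) -> List[str]:
    """Return findings; an empty list means metadata and install agree and the install is pinned."""
    findings: List[str] = []
    declared = json.loads(metadata_json).get("package")
    parsed = parse_install_spec(install_md)
    if parsed is None:
        return ["no npm install line found in install instructions"]
    name, version = parsed
    if declared != name:
        findings.append(f"package name mismatch: metadata says {declared!r}, install says {name!r}")
    if version is None or not EXACT_VERSION_RE.match(version):
        findings.append(f"install is not pinned to an exact version ({name}@{version or 'latest'})")
    return findings


def verification_commands(name: str, version: Optional[str]) -> List[str]:
    """Commands a reviewer runs online before installing; compare the output with the source repo by hand."""
    spec = f"{name}@{version}" if version else name
    return [
        f"npm view {spec} name version dist.integrity repository.url maintainers",
        f"npm pack {spec} --dry-run",           # lists the files that would be unpacked
        f"npm install -g {spec} --ignore-scripts",  # no lifecycle scripts on first install
    ]


if __name__ == "__main__":
    for finding in check_package_identity(METADATA, INSTALL_MD):
        print("FINDING:", finding)
    spec = parse_install_spec(INSTALL_MD)
    if spec:
        print("\nVerify before installing:")
        for cmd in verification_commands(*spec):
            print(" ", cmd)
```

On the constructed inputs this reports both problems the review describes: the metadata names `openbroker-plugin` while the README installs `openbroker`, and the install line carries no version. Resolve the mismatch against the source repository before running any of the printed commands, and treat `dist.integrity` plus a matching `repository.url` as the minimum evidence that the package you are about to hand a private key to is the one you reviewed.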
