ClawHub

Supurr Hyperliquid Algorithmic Trading

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate trading-bot purpose, but installation and live-trading credential handling need review before use.

Install only if you trust Supurr, its release infrastructure, and the downloaded CLI binaries. Prefer inspecting installers first, avoid piping remote scripts directly to bash, use testnet or a limited subaccount/API wallet, do not paste private keys into shared shells, check permissions on ~/.supurr/credentials.json, and require explicit human approval before any live deploy, stop, or update action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The installer does substantially more than installing a trading-related skill: it scans for many AI tool environments, writes into their skill directories, and also installs a separate CLI. That scope expansion increases attack surface and violates least surprise, making it easier for users to run broader system changes than the skill description implies.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script enumerates numerous unrelated AI tool directories under the user's home directory and writes the skill into whichever it finds. For a Hyperliquid trading-bot skill, modifying multiple third-party agent environments is not strictly necessary and creates unnecessary persistence opportunities across tools.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to execute a remotely fetched script directly via `curl ... | bash` without any integrity verification, pinning, or warning. This allows compromise of the hosting domain, CDN, TLS termination, or the script publisher to immediately translate into arbitrary shell execution on the user's machine.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README repeats the same unsafe remote-script execution pattern for CLI installation and presents it as standard quick-start usage. Repetition in setup documentation increases the chance that users and agents will normalize executing unreviewed remote code, amplifying supply-chain risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The credential setup examples encourage direct command-line entry of an API wallet private key without warning that shell history, process listings, terminal logging, and screenshots can expose secrets. In a trading context, compromise of that key can allow unauthorized bot control and potentially fund loss.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The deploy and workflow sections give step-by-step instructions for live bot deployment and stopping without a prominent warning that these commands can place real orders and risk real funds. In a financial trading skill, omission of that warning materially increases the chance of accidental production trading by users or agents.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script modifies the user's shell startup file without explicit consent, creating persistent environment changes that survive the install session. Although the specific change is limited to PATH setup, silent persistence is risky because startup-file edits affect future shells and can surprise users or conflict with existing configuration.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installer unconditionally deletes and recreates the destination skill directory with `rm -rf` before copying files, without user confirmation, backup, or integrity checks. This can overwrite local modifications and causes destructive behavior in paths derived from runtime variables, which is risky in installation scripts.

Missing User Warnings

High
Confidence
99% confidence
Finding
Advertising installation as `curl ... | bash` encourages direct execution of network-fetched code with no opportunity for inspection, pinning, or signature verification. If the endpoint, TLS trust chain, or hosting infrastructure is compromised, arbitrary shell code executes immediately on the user's machine.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script performs a second remote code execution step by piping another downloaded installer into `bash` to install the CLI, again without confirmation or verification. This compounds the risk by adding another trust boundary and silently extending installation beyond the skill itself.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tutorial tells users to initialize the tool with a wallet address and API wallet/key but gives no guidance on secure handling, storage, shell history exposure, or least-privilege key practices. In a trading context, exposed API credentials can enable unauthorized trading or account misuse, especially if users paste secrets into shared terminals, logs, or screenshots.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The deployment step instructs users to deploy an arbitrage bot without clearly warning that this will place live orders on mainnet using real funds. Because this skill is specifically for automated trading on Hyperliquid and earlier text even says to verify mainnet, omission of a live-trading warning increases the chance of accidental financial loss from misconfiguration, slippage, leverage, or misunderstood behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tutorial instructs users to pass a wallet address and an API wallet/key directly on the command line without warning that shell arguments may be recorded in shell history, process listings, logs, or terminal recordings. In a trading-bot context tied to financial accounts, exposing API credentials can enable unauthorized bot deployment, trading activity, or account abuse, making this more dangerous than a generic CLI example.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The tutorial instructs users to store wallet and API wallet information in a local credentials file under ~/.supurr/credentials.json without any warning about secret handling, file permissions, device compromise, backups, or multi-user environments. In a trading bot context tied to financial accounts, local credential storage materially increases the risk of account misuse if the host is compromised or the file is exposed through logs, sync tools, or weak permissions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal