Supurr Hyperliquid Algorithmic Trading
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Hyperliquid trading skill, but it can install unverified remote binaries, store a trading API private key, and deploy live bots that trade real funds.
Only install this if you trust Supurr and can verify the downloaded binaries. Use testnet first, use a restricted API wallet and isolated subaccount with limited funds, and require a manual confirmation before any live deploy or account-changing command.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

If invoked without a deliberate final user decision, the agent could start real trading bots that place orders, use leverage, and lose funds.
The skill documents live production trading deployment, and the option table shown indicates that testnet is not the default.
`supurr deploy` | Deploy bot to production ... `--testnet` | false | Use Hyperliquid testnet
Require explicit user confirmation immediately before any live deploy, stop, wallet, or account-changing command; default to testnet/backtesting and small isolated subaccounts.

Anyone or anything with access to that credential may be able to act on the trading account within the key's permissions.
The skill uses and stores a trading API wallet key locally. That is expected for this integration, but it is a high-impact credential.
`supurr init --address 0xYOUR_WALLET --api-wallet 0xYOUR_API_KEY` ... `saves to ~/.supurr/credentials.json`
Use a restricted Hyperliquid API wallet, prefer a subaccount or vault with limited funds, and avoid sharing logs or config files that may reveal credential material.

A compromised or unexpected remote binary could handle the wallet key and trading actions outside what the reviewed files show.
The installer downloads and executes remote binary artifacts at install time without a pinned version, checksum, or signature verification in the provided artifacts.
`SUPURR_DOWNLOAD_URL="${SUPURR_DOWNLOAD_URL:-https://cli.supurr.app/releases}"` ... `curl -fsSL "$download_url" -o "$INSTALL_DIR/supurr"` ... `chmod +x "$INSTALL_DIR/supurr"`
Verify the publisher and release artifacts independently, require signed/checksummed binaries, and avoid running the installer until provenance is clear.

A single install can change behavior across multiple agent environments, increasing blast radius if the skill is wrong, outdated, or compromised.
The skill installer detects many AI-tool directories and installs the skill into all found targets, rather than limiting itself to one explicitly selected agent.
`$HOME/.claude/skills|Claude Code` ... `$HOME/.openclaw/skills|OpenClaw` ... `for target in "${FOUND[@]}"; do ... install_skill "$dir"`
Install only into the specific agent you intend to use, and review/remove copies from other tool directories.

A bot may continue trading after the initial task unless the user monitors and stops it.
The documentation discloses that deployed bots can keep operating across trading cycles after initial launch.
With `--restart`: `After take-profit, the bot waits --cooldown seconds, then starts a new cycle`
Track bot IDs, set conservative limits, and confirm how to stop or disable any bot before deploying it.
