Skill v1.0.0

ClawScan security

Supurr Hyperliquid Algorithmic Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Feb 12, 2026, 12:52 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation and CLI behavior are coherent with an algorithmic trading tool, but the installer downloads and executes platform-specific binaries from a custom domain (curl|bash pattern) and the package asks you to provide private API wallet keys while the registry metadata doesn't declare any required credentials — these mismatches and the external binary install are noteworthy risks.
Guidance
What to consider before installing or running this skill:
- Risk summary: The skill is consistent with a trading CLI (it legitimately needs wallet/API keys and will install a CLI), but its installer downloads and executes platform binaries from a custom domain (https://cli.supurr.app) using curl|bash, a high-risk pattern unless you trust and verify the publisher.
- Verify the publisher: Inspect the GitHub repo referenced in the installer (https://github.com/Supurr-App/supurr_skill) and the cli.supurr.app domain. Confirm the release artifacts' integrity (checksums/signatures) before running the installer.
- Avoid piping to bash blind: Prefer to review the install script before running. Instead of curl | bash, download the script, inspect it, and run it manually in a controlled environment.
- Protect your keys: The tool expects you to provide an API wallet private key. Do NOT supply mainnet private keys or full-access keys to untrusted code. Use a dedicated subaccount, testnet keys, or a withdraw-only/hardware-wallet-backed approach where possible.
- Test in isolation: Install and run the CLI inside a disposable VM, container, or sandbox first. Monitor network activity and file writes before trusting it with real funds.
- Prefer manual installation: If possible, build from source or download signed releases from a well-known host (GitHub Releases with signatures) rather than an unsigned single-binary download from a custom domain.
- Review persistence changes: The installer will add ~/.supurr/bin to your PATH and edit shell rc files; be prepared to remove those entries if you uninstall.
- Operational advice: Use small amounts or testnet for initial deployments; use subaccounts/vaults to isolate funds; audit the CLI's behavior when executing deploy/stop commands.
If you want, I can: (1) fetch and summarize the GitHub repo contents for additional inspection (if accessible), (2) highlight exact lines in the installer for easier review, or (3) propose safer manual install steps you can follow.

Review Dimensions

Purpose & Capability
note: The name, README, tutorials, and SKILL.md all describe a CLI for backtesting, deploying, and monitoring trading bots on Hyperliquid. The included installer scripts and CLI-installer behavior align with that purpose (installing a CLI, copying SKILL.md into agent skill dirs, adding a binary to ~/.supurr/bin). However, the package source is listed as 'unknown' and the registry metadata does not declare required credentials even though the instructions clearly require wallet/API keys, which is a transparency gap.
Instruction Scope
note: The runtime instructions (SKILL.md) stay within the trading domain: generating configs, backtesting, deploying, and monitoring. They explicitly instruct the user to run 'supurr init' to store a wallet address and an 'api-wallet' private key in ~/.supurr/credentials.json, and they reference ~/.supurr/configs/. Those file operations are expected for a trading CLI, but the instructions do ask you to store sensitive private keys locally (and to run deploy commands that will operate on real funds), so the agent/operator must be careful with key handling and privileges.
Install Mechanism
concern: The included installers fetch code/binaries from https://cli.supurr.app (curl -fsSL | bash, plus direct downloads of platform binaries from cli.supurr.app/releases). This pattern (downloading and executing unsigned binaries from a custom domain) is high-risk unless you verify the provider and checksums. The skill also clones a GitHub repo (reasonable) and copies SKILL.md into many agent skill directories (aggressive but explainable). The use of platform-specific binary downloads (and an optional bot engine binary) that are written to disk and made executable increases the attack surface.
Credentials
concern: Functionally the CLI requires wallet credentials (an API wallet private key and wallet address) and will store them under ~/.supurr/credentials.json; the tutorials and SKILL.md repeatedly instruct the user to pass an API key/private key. Yet the registry metadata declares no required environment variables or primary credential. That mismatch (documentation expecting secrets but the manifest declaring none) is an incoherence and a red flag: the skill expects sensitive credentials but does not declare them up front for the platform to surface. There are no requests for unrelated cloud credentials; however, storing and handling private keys is intrinsic to the tool and must be carefully controlled.
Persistence & Privilege
note: The installer modifies the user's shell rc to add ~/.supurr/bin to PATH and writes installers/binaries into the user's home directory, which is normal for a CLI. The skill-install script also copies SKILL.md into multiple agent skill directories to make the skill available across tools. These are standard persistence/installation behaviors for user-level CLIs and skills, not global system privilege escalation. Still, the installer will make changes to your shell profile and place executables in your home directory without further prompting, so review before running.