HyperClaw
Warn. Audited by ClawScan on May 18, 2026.
Overview
HyperClaw's artifacts are coherent with its stated purpose of Hyperliquid trading, but it can use a private API key to place or cancel live leveraged trades, and the provided artifacts do not show mandatory trade-confirmation guardrails.
Install only if you intentionally want agent-assisted Hyperliquid trading. Use testnet first, then a separate low-balance API wallet rather than a main wallet key, protect the .env file, keep the proxy local, review dependencies, and require explicit confirmation before any buy, sell, leverage, swap, close, or cancel command.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

An agent with configured credentials could place or cancel real leveraged orders, change account risk exposure, or affect collateral balances.
The skill documents direct live trading and account-mutating commands, including persistent leverage changes and order cancellation, while the provided visible artifacts do not show a mandatory confirmation or risk-limit workflow before execution.
`HL_TESTNET=false` ... `buy COIN SIZE` | Market buy ... `sell COIN SIZE` | Market sell ... `leverage COIN LEV` | Set leverage for an asset (persists on Hyperliquid) ... `cancel-all` | Cancel all open orders
Use this only for explicit trading tasks, prefer testnet or a small separate API wallet, and require manual confirmation of asset, side, size, price, leverage, and collateral before any mutating command.

If the key is misused or exposed, someone could trade through the associated Hyperliquid API wallet and potentially cause financial loss.
The skill requires a Hyperliquid API wallet private key. This is disclosed and purpose-aligned for trading, and the documentation advises using a separate API wallet, but the credential is still highly sensitive.
HL_ACCOUNT_ADDRESS=0x_your_wallet_address HL_SECRET_KEY=0x_your_api_wallet_private_key ... use a separate API wallet, not your main wallet private key.
Never use a main wallet private key, restrict funds and permissions where possible, protect the .env file, rotate the API wallet key if exposed, and remove credentials when the skill is no longer needed.

If the proxy port or environment is exposed to untrusted users, they may be able to observe or influence account-state lookups or cause the agent to rely on cached data.
The local proxy/gateway caches Hyperliquid info responses, including account, order, and fill state. This is disclosed and short-lived, but it handles sensitive account-context data.
Transparent proxy that caches /info responses to reduce API weight usage ... "clearinghouseState": 2, ... "openOrders": 2, ... "userFills": 5
Run the proxy only on a trusted local machine, do not expose its port, avoid untrusted HL_PROXY_URL or HL_UPSTREAM_URL values, and stop the proxy when finished.

Future dependency changes could affect trading behavior or introduce vulnerabilities even if this skill's current files look coherent.
Dependencies are specified with lower-bound ranges, so setup can install newer package versions from the package index. This is common for Python tools but leaves some supply-chain variability.
hyperliquid-python-sdk>=0.4.0 eth-account>=0.13.0 requests>=2.31.0 python-dotenv>=1.0.0 httpx>=0.27.0 fastapi>=0.115.0 uvicorn[standard]>=0.32.0
Install in the provided virtual environment, review dependencies, and consider pinning exact versions or using a lockfile before using the skill with real funds.

A background process can keep handling and caching Hyperliquid API requests until it is stopped.
The documentation tells the user to start the caching proxy in the background. This is disclosed and purpose-aligned, but it may continue running after the immediate task.
{baseDir}/scripts/.venv/bin/python {baseDir}/scripts/server.py &
Track the proxy process, stop it when trading is done, and avoid leaving it running on shared or untrusted systems.
