Skills
skills/aicoincom/coinos-skills/aicoin-hyperliquid/Gen Agent Trust Hub

aicoin-hyperliquid

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file lib/defaults.json contains a hardcoded accessKeyId and accessSecret. These are documented as public free-tier credentials provided by the vendor.
  • [DATA_EXFILTRATION]: The library lib/aicoin-api.mjs is designed to read .env configuration files from multiple local paths, including ~/.openclaw/workspace/.env and ~/.openclaw/.env, to retrieve sensitive API keys.
  • [DATA_EXFILTRATION]: Authenticated data requests are sent to the vendor's API endpoint at https://open.aicoin.com.
  • [COMMAND_EXECUTION]: The skill operates by executing Node.js scripts (scripts/hl-market.mjs and scripts/hl-trader.mjs) which handle the communication with the remote API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 09:17 AM