hyperliquid-grid-trading-bot
Fail
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from an unknown GitHub organization ('PolyPulse-Analytics/hyperliquid-trading-bot') which contains the main application code.
- [REMOTE_CODE_EXECUTION]: The troubleshooting section includes a command to install the 'uv' package manager by fetching a script from 'astral.sh' and piping it directly to the shell ('curl | sh'). While 'astral.sh' is the official domain for a well-known developer tool, this execution pattern is inherently risky as it executes remote code without verification.
- [COMMAND_EXECUTION]: The setup process requires the manual execution of multiple shell commands for environment configuration, dependency installation via 'npm install' and 'uv sync', and bot execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata