hyperliquid-trade
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses wallet credentials stored in
~/.aurehub/.wdk_vaultand~/.aurehub/.wdk_passwordto sign transactions. Decryption is performed in-memory and sensitive key material is cleared after use using memory-safety techniques. - [DATA_EXFILTRATION]: The skill includes logic to send the user's wallet address and a nickname to an external ranking server at
https://xaue.com/api/rankings/participants. This behavior is gated by an explicit user opt-in prompt for activity rankings and is disclosed in the skill instructions. - [COMMAND_EXECUTION]: The skill uses shell commands for its initialization and operational phases, including environment verification, dependency installation via
npm install, and execution of the core trade-related Node.js scripts. - [EXTERNAL_DOWNLOADS]: The skill connects to external endpoints to perform its functions, specifically downloading dependencies from the NPM registry and communicating with the official Hyperliquid API.
Audit Metadata