grimoire-hyperliquid
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends using `npx -y @grimoirelabs/cli`, which downloads and executes unpinned code from a remote package repository at runtime. This allows for potential execution of arbitrary code if the package is updated or compromised.
- [EXTERNAL_DOWNLOADS]: The skill fetches external packages `@grimoirelabs/cli` and `@grimoirelabs/venues` from the NPM registry during execution without version pinning or integrity checks.
- [COMMAND_EXECUTION]: The skill relies on shell command execution via `grimoire`, `npx`, and `bun` to interact with market APIs and perform on-chain actions.
- [CREDENTIALS_UNSAFE]: The skill manages highly sensitive credentials, including the `HYPERLIQUID_PRIVATE_KEY` environment variable and local keystore files for the `withdraw` command. Exposure of these credentials would grant full access to the user's financial assets.
- [DATA_EXFILTRATION]: The `withdraw` command enables the transfer of assets to arbitrary destination addresses, representing a high-risk capability if parameters are manipulated by an attacker.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted market data (prices, order books, metadata) from the Hyperliquid API which is then processed by the agent.
  1. Ingestion points: market data commands in `SKILL.md`.
  2. Boundary markers: Absent.
  3. Capability inventory: Fund withdrawal and shell command execution.
  4. Sanitization: Absent.

  This creates a surface where malicious market data could potentially influence agent decisions.
Audit Metadata