
hyperliquid-trading

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's examples instruct passing plaintext passwords on the command line (e.g., --password yourpassword) and copying credentials into commands, which requires the agent to handle secrets verbatim and is an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most links are low risk: documentation, an official-looking GitHub repo and a web app. However, the raw GitHub install.sh and the explicit curl | sh installation command make this a moderate-to-high risk, because running remote shell scripts (or installing prebuilt binaries) from an account you haven't verified can deliver malware if the repository is malicious or compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill queries public on-chain and third-party exchange data (e.g., via the commands "hypecli perps", "hypecli perps --dex xyz", and "hypecli dexes" which list markets and HIP-3 DEXes) so the agent will ingest untrusted, third-party market/listing content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading client for a crypto exchange (Hyperliquid) and includes commands to create/manage wallets/keystores, sign transactions, place market and limit orders, cancel orders, and check balances/positions. Examples: "hypecli order market" and "hypecli order limit" execute trades; "hypecli account create" manages encrypted keystores used for signing. These are specific, primary financial execution actions (crypto trading and on-chain order placement), not generic tooling.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:25 AM