Skills
NYC
skills/smithery/ai/hyperliquid/Gen Agent Trust Hub

hyperliquid

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted market data from an external API (https://api.hyperliquid.xyz/info) and processes it to format chat responses. \n
  • Ingestion points: Data enters via the Info HTTP endpoint called in scripts/hyperliquid_api.mjs.\n
  • Boundary markers: None identified in the provided documentation to distinguish API data from agent instructions.\n
  • Capability inventory: The skill uses node to execute scripts, performs network requests, and reads/writes to a local configuration file (~/.clawdbot/hyperliquid/config.json).\n
  • Sanitization: No sanitization or validation of the API response is mentioned before it is passed to the chat formatting logic.\n- [Data Exposure] (LOW): The skill accesses a local configuration file at ~/.clawdbot/hyperliquid/config.json. While this is used for account aliases, it establishes a pattern of local filesystem access which could be leveraged if the scripts are compromised.\n- [Command Execution] (LOW): The skill relies on executing local JavaScript files using the node runtime. This is a standard implementation but grants the skill the ability to run code on the host system.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 08:26 AM