Skills
skills/supurr-app/supurr_skill/hyperliquid-supurr/Gen Agent Trust Hub

hyperliquid-supurr

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installers (install.sh and skill-install.sh) download executable binaries and agent skill components from the vendor's domain (cli.supurr.app) and official GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Installation instructions recommend piping remote shell scripts directly to the bash interpreter (curl | bash), a pattern used to automate the setup of the CLI environment and AI agent skills.
  • [COMMAND_EXECUTION]: The skill frequently executes the supurr CLI to perform core operations, including strategy deployment, market monitoring, and local backtesting using the compiled bot engine.
  • [CREDENTIALS_UNSAFE]: The skill prompts users for a private API wallet key via the supurr init command, which is then stored in a local configuration file (~/.supurr/credentials.json) to enable automated trade signing.
  • [COMMAND_EXECUTION]: The installation script modifies system shell configuration files (such as .bashrc or .zshrc) to persist the tool's location in the system PATH, ensuring availability across sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 07:29 PM