hyperliquid-supurr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes non-interactive examples that pass a private API wallet key as a command-line argument (e.g., supurr init --api-wallet <key>) and instructs LLMs to "use exact syntax", which encourages embedding secret values verbatim in generated commands—an explicit high-risk exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly instruct querying the public Hyperliquid Info API (e.g., "POST https://api.hyperliquid.xyz/info" in SKILL.md and references/hl-info-api.md) to obtain asset metadata/market_index that the CLI and strategies must ingest and act on, exposing the agent to untrusted third-party content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README and installer explicitly instruct executing remote installer scripts (curl -fsSL https://cli.supurr.app/install | bash and curl -fsSL https://cli.supurr.app/skill-install | bash) and the install script downloads binaries from https://cli.supurr.app/releases, which are fetched-and-executed at install/runtime and are required for the skill—constituting remote code execution risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading-bot CLI for Hyperliquid and includes wallet setup (private API wallet keys), commands to deploy bots that execute trades (supurr deploy, details about subaccounts/vaults, market types, leverage, investment amounts, order amounts), and references to order-related primitives (PlaceOrder, CancelOrder) and signing actions (supurr stop signs with your API wallet private key). It is specifically designed to open/close market positions and manage funds on-chain/off-chain, so it grants direct financial execution capability.