supurr
Fail
Audited by Snyk on Feb 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples and non-interactive CLI flags that pass an API wallet private key (--api-wallet) on the command line, and it documents storing a raw private_key in ~/.supurr/credentials.json. Following these instructions would require an LLM to include secret values verbatim in the commands or outputs it generates.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The README and installer scripts instruct the agent to download and execute remote install scripts at runtime (e.g., "curl -fsSL https://cli.supurr.app/install | bash", and the skill installer at https://cli.supurr.app/skill-install, which in turn fetches binaries from https://cli.supurr.app/releases). Remote code is therefore fetched and executed at runtime to install a required CLI dependency, and its contents cannot be verified in advance.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The supurr CLI is explicitly a trading bot platform for Hyperliquid: it requires and manages wallet credentials (including an API wallet private key); creates and deploys bots that trade spot and perpetual markets (grid, arb, DCA); specifies order sizes, leverage, and USDC balances; and calls endpoints such as POST /bots/create/ and POST /bots/<bot_id>/stop (signed). It is specifically designed to initiate and control on-chain/off-exchange trading activity and thus has direct financial execution capability (crypto trading and wallet operations).
Audit Metadata