hyperliquid-reader
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill's stated purpose and data flows are mostly coherent and read-only, and it targets Hyperliquid's official public API without credentials. However, it uses load-time shell execution and asks the agent to install and run an unpinned third-party GitHub plugin through opencli, creating a meaningful transitive supply-chain risk disproportionate to a simple market-data reader.
Confidence: 100%Severity: 60%
Audit Metadata