hyperliquid-reader

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill's stated purpose and data flows are mostly coherent and read-only, and it targets Hyperliquid's official public API without credentials. However, it uses load-time shell execution and asks the agent to install and run an unpinned third-party GitHub plugin through opencli, creating a meaningful transitive supply-chain risk disproportionate to a simple market-data reader.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 01:24 AM
Package URL
pkg:socket/skills-sh/himself65%2Ffinance-skills%2Fhyperliquid-reader%2F@4726c7ed44e51e0aa9f4852b5788209d40156fe02364cd1e0d43d954ffc03569
Security Audit — socket — hyperliquid-reader