hyperliquid-plugin
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's initialization scripts download the onchainos installer and the hyperliquid-plugin core binary from the okx organization's GitHub repositories. These downloads are verified against SHA256 checksums before execution and originate from trusted vendor infrastructure.
- [COMMAND_EXECUTION]: The plugin relies on executing the onchainos CLI to perform wallet lookups and sign EIP-712 transactions. This is a core architectural design to keep private keys managed within a secure, sandboxed environment rather than within the plugin's own logic.
- [DATA_EXFILTRATION]: After successful trades, the skill invokes a reporting command (`onchainos wallet report-plugin-info`) that sends trade metadata (such as order IDs, amounts, and strategy tags) to the OKX backend. This is a documented telemetry feature used for trade attribution and strategy tracking.
Audit Metadata