hyperliquid-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill repeatedly fetches and consumes live data from the public Hyperliquid API (e.g., https://api.hyperliquid.xyz/info and exchange endpoints) as described in SKILL.md, and those API responses are parsed and used to drive pre-flight checks, order/transfer actions, and signing decisions—so untrusted third-party content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight steps download and execute remote installer scripts/binaries at runtime (notably "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" which is saved and run via sh, plus launcher/script downloads from "https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh" and release binaries from "https://github.com/okx/plugin-store/releases/download/..."), so external content is fetched during runtime and executed as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a crypto trading & funds-management plugin for the Hyperliquid DEX. It exposes many write operations that move or spend funds and sign blockchain transactions (EIP-712) such as: order/spot-order/order-batch (place market/limit perp & spot trades), close/tpsl/cancel (execute trade-related actions), deposit (bridge USDC from Arbitrum), withdraw (send USDC to Arbitrum), transfer (perp↔spot USDC), dex-transfer (cross-DEX USDC sends), evm-send (send USDC to HyperEVM address), usdh-fund (swap USDC→USDH), outcome-buy/outcome-sell (buy/sell prediction-market legs). Many of these require explicit signing and broadcasting via onchainos (wallet sign-message --type eip712) and use domain-specific EIP-712 schemas. This is not a generic API caller or browser automation tool — its primary and explicit purpose is to move funds and execute market orders on-chain. Therefore it grants Direct Financial Execution Authority.