dgclaw
Audited by Socket on May 6, 2026
2 alerts found:
Anomaly / Security: No strong evidence of covert malware within this module; its intent aligns with automated wallet creation and Hyperliquid API wallet registration. However, it is security-sensitive: it executes a local signing command via execSync using a path derived from ACP_CLI_DIR and embeds JSON into a shell-quoted argument (potential command/argument manipulation risk under misconfiguration or adversarial inputs). It also writes a raw EVM private key to a local .env file on success, which is a high-impact risk if the file is exposed or committed. The primary risks to address are command execution safety (avoid shell string execSync; validate/allowlist ACP_DIR) and secret handling/permissions (secure storage for HL_API_WALLET_KEY).
SUSPICIOUS: the skill is mostly purpose-aligned and appears tied to official Virtual Protocol/Degen Claw infrastructure, but it grants an AI agent high-impact financial trading, withdrawals, and public posting while handling multiple sensitive keys. Main concerns are autonomous real-world actions, medium supply-chain trust from source installs, and broad credential scope rather than confirmed malicious exfiltration.