Is b0on/hyperliquid-analyzer safe?

https://github.com/openclaw/skills/tree/main/skills/b0on/hyperliquid-analyzer

Overall score: 76/100 · CAUTION

This skill appears to be a legitimate cryptocurrency market analysis tool with clean documentation and no obvious malicious content. However, security monitoring detected concerning access to multiple sensitive credential files during installation, creating a significant security risk despite the benign skill content.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (3)

HIGH Multiple sensitive credential files accessed -70

During skill installation, the monitoring system detected access to multiple sensitive credential files including SSH private keys, AWS credentials, Docker config, GCloud credentials, and environment files. While the skill content appears benign, this access pattern raises significant security concerns.

LOW External network connections during installation -15

The skill installation process made network connections to external services, which is expected for git clone operations but increases attack surface.

MEDIUM Discrepancy between skill content and file access behavior -30

While the skill content appears legitimate (cryptocurrency market analysis), the detected access to sensitive files creates a concerning behavioral pattern that warrants caution.