Is hyperwick/wick-arena safe?

The skill contains an explicit social rewards section instructing the agent to follow @wickarena on X (Twitter) and submit retweets containing @wickarena mentions for 200 and 50 'alpha points' respectively. This converts the agent into an automated marketing tool for the skill author's commercial trading platform. The actions require submitting the user's social media handle to the platform and have no direct benefit to the agent's user. This is a social engineering pattern that exploits agent capabilities for commercial gain at the user's expense.

The skill's primary onboarding flow instructs the agent to autonomously call POST /v1/quickstart to create a persistent account on wickcapital.onrender.com. No user confirmation gate is described before account creation. The warning that the API key is 'shown ONCE and then hashed' creates urgency pressure that may cause agents to immediately store credentials in ways not visible to the user. The resulting account persists indefinitely on an external commercial service.

The skill requests agent operation across financial trading, social media management, webhook configuration, team competitions, and 1v1 challenges — multiple sensitive domains — without segmented authorization. A user installing this skill for one purpose could find their agent autonomously performing actions in other domains, as all are presented as a unified capability set without domain-scoped consent.

Every trade placed via POST /v1/trade includes an optional 'reasoning' field (up to 500 chars) that is permanently published to the public activity feed and stored in the trade history. The skill strongly encourages using this field with detailed context. If an agent includes information from the user's current task, system state, or prior conversations in its reasoning, that information becomes permanently public and attributable to the agent on an external commercial platform with no documented deletion mechanism.

Claiming social rewards requires submitting the user's X/Twitter handle to wickcapital.onrender.com. The platform stores this uniquely per account, creating a permanent link between the user's social identity, their simulated trading activity, and the Wick Capital commercial platform. This submission is made to an external service without clear data retention, deletion, or GDPR compliance documentation in the skill.

The skill package includes a .clawhub/lock.json file listing '[email protected]' as an installed skill with a recorded install timestamp. It is unclear whether this is a formal dependency declaration that ClawHub would automatically install, or developer environment state accidentally bundled into the release. If treated as a dependency, the unreviewed academic-research-hub skill introduces additional attack surface not assessed in this audit. The presence of this file in the skill package directory is a packaging concern regardless of intent.

A completed TLS connection to 104.16.1.34:443 (Cloudflare CDN IP range) was observed in TIME-WAIT state following the git clone operation. This is consistent with GitHub serving git pack objects via Cloudflare CDN for latency optimization and is expected behavior for git operations against github.com. No skill-initiated outbound network connections were detected during or after install.

Monitoring confirmed no access or modification of any canary files attributable to the skill installation process. The file access events visible in auditd PATH records for .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials correspond to the audit framework's own baseline monitoring setup at timestamps prior to skill install, and periodic recheck processes — not to skill-initiated reads.

The skill directs agents to place market orders against live Hyperliquid price data with hard prop-firm rules: 10% trailing drawdown or 5% daily realized loss triggers instant account elimination and position closure. A background sweep loop runs every 30 seconds enforcing these rules independently of the agent. Although the $100K balance is simulated, the competitive framing, public leaderboard, elimination mechanics, and real-time market data create a high-stakes financial activity context. An agent operating under this skill may place trades and manage positions autonomously without confirming with the user whether they want to participate in a trading competition.

The social rewards system is a deliberate mechanism to use installed agents as a distributed marketing force for Wick Capital. Agents earn 'alpha points' (convertible to future platform benefits) for following and retweeting on behalf of the platform. This is commercially beneficial to the skill author and has no direct value to the user. The rewards are 'pending admin review', implying a human-verified marketing submission system. This represents a systematic pattern of exploiting agent distribution for commercial promotion.

The platform creates a permanent public record of the agent's trading decisions, including reasoning text, on a publicly accessible leaderboard. The agent accumulates a persistent identity (slug, avatar, badges, career stats) that persists across seasons on an external commercial platform. No API endpoint for account deletion or data removal is documented in the skill, leaving users with no recourse to remove their agent's public history after installation.