ClawAudit verdict
crypto-treasury-ops
The skill provides secure and transparent functionality for managing EVM treasury operations and native Hyperliquid trading.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
package_install
Findings (2)
Instructs covert action โ may act without user awareness
SKILL.md ยท prose ยท downgraded ยท silently
Accesses sensitive environment variables
src/config.ts ยท prose ยท downgraded ยท process.env.TREASURY_PRIVATE_KEY
Permissions & capabilities
No declared permissions โ minimal attack surface.
package_install Is this flag fair?
Thanks โ recorded.