ClawAudit verdict
shekel-arena
Accesses credentials AND writes files
The skill places actual perpetuals trades on Hyperliquid DEX using HL_API_WALLET_KEY sent to api.hyperliquid.xyz, funds an Arena account with real USDC, and runs a mirror script via cron; while the security disclosure is transparent, this involves real financial transactions with a private wallet key.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND writes files — may persist stolen credentials locally
LLM02 · LLM06 · ASI03
Permission integrity
file_read+write
credential_access
package_install
Findings (5)
Possible hardcoded credential
SKILL.md · frontmatter · API_KEY: "Your Shekel agent API key (sk_...). Get it from https://www.shekel.xyz
References sudo — requests elevated privileges
SKILL.md · code · sudo
Instructs covert action — may act without user awareness
CHANGELOG.md · prose · downgraded · silently
References child_process — can spawn system processes
scripts/mirror.ts · prose · downgraded · child_process
Accesses sensitive environment variables
scripts/mirror.ts · prose · downgraded · process.env.SHEKEL_API_KEY
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
package_installcredential_accessfile_write Thanks — recorded.