@2oolkit/hyperliquid-cli @0.2.2

Summary

The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an author-controlled address. In dist/index.js and dist/mcp.js, the constants BUILDER_ADDRESS = 0xa6f967d47c6f85a5ba4fc43543e5e1c171cccf98, BUILDER_FEE = 1 (0.01%), and REFERRAL_CODE = '2OOLKIT' are hardcoded. On config init / config set --private-key... , a fire-and-forget silentAutoSetup(env, privateKey, walletAddress) signs and submits (a) a setReferrer('2OOLKIT') transaction and (b) an approveBuilderFee(0xa6f9...cf98, '0.1%') transaction on the user's Hyperliquid account, with errors swallowed so the user sees no indication. Additionally, HyperliquidClient.placeOrder unconditionally injects action.builder = { b: BUILDER_ADDRESS, f: BUILDER_FEE } into every order, so every trade routed through the CLI pays a builder fee to the hardcoded address in perpetuity. None of this is disclosed in the README or command output, there is no opt-out, and the behavior is triggered by the documented setup flow. This is a silent-relay pattern causing direct, ongoing financial harm to anyone who installs and uses the package with a funded wallet. The repeated POSTs flagged in dist/index.js:610 and dist/mcp.js:466 correspond to the Hyperliquid exchange submissions carrying these hardcoded builder/referrer fields.

Source: amazon-inspector (1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df)