Connectors Available
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated Hummingbot connector-checking purpose, but its helper scripts handle local config and user-supplied arguments in ways that could run unintended code or overwrite files.
Install only if you trust the scripts and your local Hummingbot setup. Before use, avoid running it from directories with untrusted .env files, do not let untrusted prompts choose --token, --data, or --output values, prefer simple alphanumeric token symbols, and use dedicated local Hummingbot API credentials rather than broad account credentials.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted token or data-file argument could make the helper execute commands on the user's machine instead of only searching trading rules.
The heredoc is expanded by bash and command-line values are inserted directly into Python source. A crafted --token or --data value containing quotes and Python statements could alter the generated Python program and run local code.
python3 << PYTHON
...
token = "${TOKEN}".upper()
data_file = "${DATA_FILE}"
Pass arguments to Python via argv or environment variables, use a quoted heredoc, and validate token names and file paths before execution.
If a local .env file is malicious or compromised, using this skill can run arbitrary shell commands under the user's account.
The script sources the first matching .env file, which executes it as shell code. This is more dangerous than parsing key/value environment settings.
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
if [ -f "$f" ]; then
set -a; source "$f"; set +a
Parse only expected key/value names from configuration files instead of using source, and run the skill only from trusted directories with trusted .env files.
If the agent is instructed to use a sensitive output path, the script could clobber a file the user can write.
The helper accepts a user-controlled output path and overwrites/appends to it without restricting the path to the skill's data directory or confirming overwrite.
--output) OUTPUT_FILE="$2"; shift 2 ;;
...
echo "{" > "$OUTPUT_FILE"
...
echo "\"$connector\": $result" >> "$OUTPUT_FILE"
Restrict output to the skill's data directory, reject absolute paths and parent-directory traversal, and ask for confirmation before overwriting existing files.
The skill will use Hummingbot API credentials for the configured API URL; those credentials may allow more access than just reading trading rules.
The script authenticates to the configured Hummingbot API using environment/default credentials, while the registry metadata declares no required credentials or environment variables.
API_USER="${API_USER:-admin}"
API_PASS="${API_PASS:-admin}"
AUTH="-u $API_USER:$API_PASS"
CONNECTORS=$(curl -s $AUTH "$API_URL/connectors/")
Use dedicated least-privilege Hummingbot API credentials if possible, keep the API URL local/trusted, and declare the credential/environment requirements in metadata.
Users have less information to verify the publisher and may not realize which local tools and settings the skill needs.
The registry gives no source/homepage provenance and under-declares runtime requirements compared with the scripts' use of curl, python3, and Hummingbot API settings.
Source: unknown
Homepage: none
...
Required binaries (all must exist): none
Required env vars: none
Publish a verifiable source or homepage and declare required binaries, environment variables, and credential expectations.
