Find Arbitrage Opps

This skill appears to implement what it claims (queries a local Hummingbot API for prices and finds spreads), but there are red flags you should address before installing or running it: - Do NOT blindly run the suggested `bash <(curl -s https://raw.githubusercontent.com/...)` command. That fetches and executes a remote script; inspect its contents first (view the URL in a browser or curl it to a file and read it). - The registry metadata says no env vars, but the script expects HUMMINGBOT_API_URL, API_USER, API_PASS and that exchange connectors are configured with API keys. Provide only least-privileged credentials and avoid using default admin/admin. - The Python script reads .env files from common Hummingbot locations. Those files can contain secrets; verify which .env will be loaded and ensure it doesn't expose unrelated credentials. - Network scope: the script only contacts the configured HUMMINGBOT_API_URL endpoints (connectors, trading-rules, market-data/prices) and uses HTTP Basic auth. Ensure that HUMMINGBOT_API_URL points to a trusted/local service (e.g., localhost) and that the API user has limited permissions. - If you’re unsure, run the script in an isolated environment/container with no sensitive .env mounted, inspect the script code (already included), and manually perform any prerequisite checks rather than executing remote installers. If you want, I can: (a) fetch and show the contents of the referenced prerequisite script URL for review, (b) summarize the full Python file (it was truncated in input) to confirm there are no hidden exfiltration routines, or (c) suggest a safe run checklist/command set to test the skill in isolation.