Hummingbot Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to deploy Hummingbot infrastructure for its stated purpose, but it uses risky installation, credential, and persistent configuration patterns that need human review before use.

Install only in an isolated test environment first. Replace all default credentials, avoid exposing services beyond localhost, review any remote scripts before execution, do not pass real exchange or trading credentials on command lines, and check where the MCP registration stores credentials before connecting live accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The skill tells users to execute a remote script directly via curl and process substitution, which runs downloaded code without review, pinning, or integrity verification. If the remote source, GitHub account, repository, or network path is compromised, arbitrary code will execute on the user's machine immediately.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions advertise default credentials of admin/admin/admin for API and config access without an immediate warning to change them. In a trading infrastructure context, weak default credentials can expose account controls, market actions, strategy deployment, and sensitive operational data to anyone who can reach the service.

Missing User Warnings

High
Confidence
100% confidence
Finding
The container setup writes a .env file containing hardcoded weak secrets such as admin/admin, password, and a fixed database credential. This is especially dangerous because the skill is deploying networked services for automated trading; predictable credentials materially increase the risk of unauthorized access and downstream financial or operational compromise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Passing API credentials on the command line exposes them to shell history, process listings, logs, and telemetry. Even if the script itself is trusted, command-line secret handling is an unsafe pattern that can leak credentials to other local users or tooling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The troubleshooting section includes a destructive reset sequence that removes containers, volumes, and the local project directory, but provides no warning that data and configuration may be permanently lost. Users may run it reflexively while troubleshooting and unintentionally destroy state, credentials, logs, or bot data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script accepts API credentials via command-line arguments and then embeds them into a constructed Docker command passed to another CLI. This can expose secrets through shell history, process listings, agent CLI configuration, or logs, especially since insecure defaults of admin/admin are provided and no warning or safer secret-handling mechanism is used.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script automatically invokes the selected agent CLI to register an MCP server, which modifies that tool's external configuration without any confirmation prompt or clear notice about what will be stored. In this context, the registered command includes API endpoint and credential values, so the configuration change may persist sensitive data and alter agent behavior unexpectedly.

Credential Access

High
Category
Privilege Escalation
Content
#
set -eu

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
set -eu

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
        break
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
set -eu

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
        break
Confidence
90% confidence
Finding
.env

VirusTotal

64/64 vendors flagged this skill as clean.