Hummingbot Deploy

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

The skill appears to deploy the stated Hummingbot stack, but it sets up high-impact trading access for AI agents using weak defaults and unpinned remote installation steps.

Use this only if you intentionally want to deploy Hummingbot and connect it to your AI agent. Before running it, review the remote scripts, pin versions where possible, replace all default credentials, keep the API off untrusted networks, and install the MCP component only when you are comfortable giving the agent access to your Hummingbot trading infrastructure.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If connected to exchange credentials later, the agent-accessible Hummingbot API could affect real trading activity or deployed strategies.

Why it was flagged

The skill's purpose is disclosed, but installing MCP gives AI-agent tooling access to a trading API capable of placing or managing trading strategies. The artifacts do not clearly define approval gates, account limits, or containment for that delegated authority.

Skill content
**Hummingbot API** (Required): Your personal trading server that exposes a standardized REST API for trading, fetching market data, and deploying bot strategies across many CEXs and DEXs. ... **Hummingbot MCP** (Optional): MCP server that helps AI agents ... interact with Hummingbot API.
Recommendation

Install the MCP component only if you explicitly want your AI agent to access Hummingbot, and configure trading/account permissions and approvals conservatively.

What this means

Anyone who can reach the deployed service may be able to use the default credentials unless the user changes them.

Why it was flagged

The non-interactive setup writes weak default credentials for the API and broker. For a networked trading service, default admin credentials are a material access-control concern even though they are disclosed.

Skill content
API_USER=admin
API_PASS=admin
CONFIG_API_PASS=admin
...
BROKER_API_USER=admin
BROKER_PASSWORD=password
Recommendation

Change all default usernames and passwords before exposing the service, and avoid deploying it on a network interface reachable by untrusted users.

What this means

The script that actually runs during installation could change after review, affecting what is installed or configured.

Why it was flagged

The instructions execute a remote script directly from the GitHub main branch rather than using a pinned version or the reviewed local file. This creates a provenance gap for installation-time code.

Skill content
bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/hummingbot-deploy/scripts/install_mcp.sh)
Recommendation

Review the fetched script before running it, prefer a pinned commit or release tag, and avoid piping remote scripts directly into bash for high-impact trading infrastructure.

What this means

A future image update could change the MCP server behavior or security properties without the user noticing.

Why it was flagged

The MCP server image is pulled using the mutable latest tag, so the deployed container may not match a reviewed or reproducible version.

Skill content
MCP_IMAGE="hummingbot/hummingbot-mcp:latest"
...
docker pull "$MCP_IMAGE"
Recommendation

Pin the MCP Docker image to a specific version or digest and review release notes before upgrading.

Note
High Confidence
ASI10: Rogue Agents
What this means

After restart, the agent may have ongoing access to the configured Hummingbot MCP server whenever the user allows MCP tools.

Why it was flagged

The script adds a persistent MCP server configuration to the selected agent CLI. This is purpose-aligned, but it means the Hummingbot tool remains available after the initial setup.

Skill content
$AGENT_CLI mcp add hummingbot -- $DOCKER_CMD
Recommendation

Confirm the MCP entry in your agent's configuration and remove it when you no longer want agent access to Hummingbot.