Hummingbot Developer
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a Hummingbot developer setup workflow, but it includes high-impact local installers and a sourced branch config that could execute unintended commands.
Install only in a trusted, isolated development environment. Review install_deps.sh before running it, avoid untrusted branch names or edited .dev-branches files, keep services bound to localhost, change default credentials if anything is exposed, and stop the dev stack when finished.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running install-deps can execute code fetched from remote installer endpoints and make broad changes to the local machine.
The dependency installer pipes remote installer scripts straight into a shell: one is fetched from HEAD (Homebrew), one from a version tag but without any checksum (nvm), and one from an unpinned endpoint (get.docker.com). Whatever those endpoints serve at install time runs with the user's privileges, which is high-impact supply-chain exposure even though installing developer dependencies is purpose-aligned.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
...
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
...
curl -fsSL https://get.docker.com | sh
Inspect the installer first, prefer package-manager or pinned/checksummed installs, and run it only in a trusted development environment.
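The "pinned/checksummed" alternative to curl-into-bash, as an added example that is not the skill's install_deps.sh: download the installer to disk, compare it against a SHA-256 the operator pinned in advance, and execute only on a match. The helper names, the stand-in installer and its hash are constructed for this demo; no checksum for the real Homebrew, nvm or Docker scripts is claimed here, and the pin is something you record yourself after reviewing the script.

```sh
#!/bin/sh
# Added example, not part of the Hummingbot skill. Function names and the
# sample installer below are assumptions for the demo.

# Portable SHA-256: GNU coreutils sha256sum, or shasum on BSD/macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Returns 0 only if the file's digest equals the pinned value (case-insensitive).
# An empty digest (no hashing tool available) never matches, so the default is refusal.
verify_sha256() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Run an installer already on disk, but only after the pin matches.
# Returns 2 on mismatch without executing anything.
run_verified_installer() {
  script=$1; pin=$2; shift 2
  if ! verify_sha256 "$script" "$pin"; then
    echo "refusing to run $script: sha256 does not match the pinned value" >&2
    return 2
  fi
  sh "$script" "$@"
}

# The network step, kept separate so it can be skipped offline: fetch to a
# temp file (never into a pipe), force HTTPS, then verify and run.
fetch_verify_run() {
  url=$1; pin=$2; shift 2
  tmp=$(mktemp) || return 1
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
  run_verified_installer "$tmp" "$pin" "$@"; rc=$?
  rm -f "$tmp"
  return $rc
}

# Demo (constructed): a stand-in installer is pinned, then tampered with.
d=$(mktemp -d)
printf '#!/bin/sh\necho "installing into $1"\n' > "$d/install.sh"
pin=$(sha256_of "$d/install.sh")
run_verified_installer "$d/install.sh" "$pin" "$d"            # matches: runs
echo '# one appended byte is enough' >> "$d/install.sh"
run_verified_installer "$d/install.sh" "$pin" "$d" || echo "refused (exit $?)"
rm -rf "$d"
```

A pin recorded this way only proves the script is the one you reviewed; it does not make the script safe. Review it first, then pin it, and re-review whenever you bump the pin.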
A malicious or tampered branch-selection file could run local commands when the skill installs or builds the project.
Branch names are written into a shell file without quoting or escaping, and other provided scripts source this .dev-branches file; a poisoned file or crafted branch value could execute shell syntax during later install/build runs.
cat > "$WORKSPACE/.dev-branches" << EOF
HBOT_BRANCH=$HBOT_BRANCH
GATEWAY_BRANCH=$GATEWAY_BRANCH
API_BRANCH=$API_BRANCH
EOF
Do not source untrusted workspace files; write branch values with shell-safe quoting, validate branch names strictly, or store them in a non-executable format such as JSON.
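The injection and the fix side by side, as an added example that is not the skill's own code: the unquoted heredoc write from this finding, a writer that validates the branch name against a strict allow-list and single-quotes it, and a harness that sources the resulting file the way the skill's other scripts would and reports whether a crafted value executed. HBOT_BRANCH and GATEWAY_BRANCH are the variable names shown in the finding; the function names and the crafted value are constructed for the demo.

```sh
#!/bin/sh
# Added example, not part of the Hummingbot skill.

# Allow-list check for a branch name: starts alphanumeric, then only
# [A-Za-z0-9._/-], at most 128 chars, and none of git's forbidden shapes.
# Quotes, whitespace, ';', '$', '&', '|' and backticks are all rejected,
# so a value that passes cannot carry shell syntax.
validate_branch() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._/-]{0,127}$' || return 1
  case "$1" in
    *..*|*/|*.lock|*//*|*/.*) return 1 ;;
  esac
  return 0
}

# The pattern from the finding: values land in the file unquoted, so
# "main; touch /tmp/x" becomes two commands when the file is sourced.
write_branches_unsafe() {
  cat > "$1" << EOF
HBOT_BRANCH=$2
GATEWAY_BRANCH=$3
EOF
}

# Hardened: validate every value first, then single-quote it. A validated
# name cannot contain a single quote, so nothing can break out of the quotes.
write_branches_safe() {
  out=$1; shift
  for v in "$@"; do
    validate_branch "$v" || { echo "rejected branch name: $v" >&2; return 1; }
  done
  printf "HBOT_BRANCH='%s'\nGATEWAY_BRANCH='%s'\n" "$1" "$2" > "$out"
}

# Harness: write a branch file with the given writer and a crafted value,
# source it in a subshell, and report whether the injected command ran
# (exit 0 means the injection succeeded).
injection_ran() {
  writer=$1
  dir=$(mktemp -d) || return 1
  marker="$dir/pwned"
  crafted="main; touch $marker"
  "$writer" "$dir/.dev-branches" "$crafted" development 2>/dev/null || true
  rc=1
  if [ -f "$dir/.dev-branches" ]; then
    ( . "$dir/.dev-branches" ) >/dev/null 2>&1 || true
    if [ -f "$marker" ]; then rc=0; fi
  fi
  rm -rf "$dir"
  return $rc
}

# Demo: the unsafe writer lets the crafted value run; the safe one rejects it.
injection_ran write_branches_unsafe && echo "unsafe writer: injected command ran"
injection_ran write_branches_safe   || echo "safe writer: crafted value rejected, nothing ran"
```

If the file must stay sourceable, the validate-then-quote combination is the minimum; storing the values as JSON and reading them with a parser removes the sourcing step entirely, which is the stronger fix.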
Stopping or restarting the dev stack could accidentally terminate another Node or uvicorn process on the same machine.
The stop/start workflow uses broad process-pattern kills rather than only the PID file it creates, which is purpose-related but could affect unrelated local processes matching those strings.
pkill -f "dist/index.js" 2>/dev/null && ok "Gateway stopped"
...
pkill -f "uvicorn main:app" 2>/dev/null && ok "API stopped"
Run this in an isolated dev environment and prefer stopping only PIDs recorded by the script.
If the API, broker, or database is exposed outside localhost, default credentials could allow unauthorized access.
The script writes default local development credentials into the API .env file. This is disclosed dev setup behavior, but the credentials are weak and should not be used beyond a local trusted environment.
USERNAME=admin
PASSWORD=admin
CONFIG_PASSWORD=admin
BROKER_USERNAME=admin
BROKER_PASSWORD=password
Change generated passwords before exposing any service to a network, and keep this setup local-only.
Credentials may be sent to a configured API endpoint; this is safe only when the endpoint is local or otherwise trusted.
The integration test sends Basic Auth credentials to the configured API URL. The default is localhost and fits the dev purpose, but pointing it at a non-localhost http:// URL would send the Authorization header, which is only base64-encoded, in cleartext across the network.
API_URL = os.environ.get("HUMMINGBOT_API_URL", "http://localhost:8000")
...
req.add_header("Authorization", f"Basic {creds}")
Keep HUMMINGBOT_API_URL on localhost for dev testing, or use HTTPS and non-default credentials for remote endpoints.
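A preflight covering both the default-credential finding and the API-URL finding, as an added example that is not the skill's own code: generate fresh secrets instead of admin/admin when writing the API .env, refuse to proceed while any password variable still holds a default value, and allow plain http:// only for loopback hosts so Basic Auth never leaves the machine unencrypted. The variable names and default values are those shown in the findings; the function names, the "hbot-dev"/"hbot-broker" usernames and the sample .env contents are constructed for this demo.

```sh
#!/bin/sh
# Added example, not part of the Hummingbot skill.

# 32 hex chars (128 bits) from /dev/urandom; no openssl dependency.
gen_secret() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write an API .env with fresh secrets instead of admin/admin.
write_env() {
  printf 'USERNAME=%s\nPASSWORD=%s\nCONFIG_PASSWORD=%s\nBROKER_USERNAME=%s\nBROKER_PASSWORD=%s\n' \
    "hbot-dev" "$(gen_secret)" "$(gen_secret)" "hbot-broker" "$(gen_secret)" > "$1"
}

# Returns 0 if the value is one of the known default/weak dev credentials.
is_default_cred() {
  case "$1" in admin|password|changeme|'') return 0 ;; esac
  return 1
}

# Read KEY=VALUE lines from an .env; returns 1 and names every password
# variable still at a default value.
check_env_creds() {
  bad=0
  for key in PASSWORD CONFIG_PASSWORD BROKER_PASSWORD; do
    val=$(sed -n "s/^$key=//p" "$1" | head -n 1)
    if is_default_cred "$val"; then
      echo "$key is a default/weak value; regenerate before exposing the API" >&2
      bad=1
    fi
  done
  return $bad
}

# Basic Auth goes wherever HUMMINGBOT_API_URL points: allow http only for
# loopback hosts (localhost, 127.x, [::1]); anything else must be https.
check_api_url() {
  url=$1
  scheme=${url%%://*}
  rest=${url#*://}
  case "$rest" in
    \[*) host=${rest%%]*}; host="$host]" ;;      # bracketed IPv6 literal
    *)   host=${rest%%/*}; host=${host%%:*} ;;
  esac
  case "$host" in
    localhost|127.*|'[::1]') return 0 ;;
  esac
  [ "$scheme" = "https" ]
}

# Demo (constructed): the weak .env from the finding fails, a generated one passes.
d=$(mktemp -d)
printf 'USERNAME=admin\nPASSWORD=admin\nCONFIG_PASSWORD=admin\nBROKER_USERNAME=admin\nBROKER_PASSWORD=password\n' > "$d/weak.env"
check_env_creds "$d/weak.env" || echo "weak.env rejected"
write_env "$d/api.env" && check_env_creds "$d/api.env" && echo "api.env ok"
check_api_url "${HUMMINGBOT_API_URL:-http://localhost:8000}" || echo "refusing plain http to a remote host"
rm -rf "$d"
```

Run the two checks at the top of the start script and exit non-zero on failure; a dev stack that cannot start with default credentials or with a remote plain-http API URL is far less likely to be exposed by accident.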
Gateway can keep running after the command returns unless the user stops the dev stack.
The skill intentionally starts Gateway as a background process and logs it under the workspace. This is disclosed and has a stop command, but it is persistent local activity users should notice.
nohup node dist/index.js --passphrase="$PASSPHRASE" --dev > "$GW_LOG" 2>&1 &
Use `bash scripts/run_dev_stack.sh --status` and `bash scripts/run_dev_stack.sh --stop` when done.
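The PID-file approach recommended for the stop/start finding, and the background start from this finding, as an added example that is not the skill's run_dev_stack.sh: start the service detached while recording its PID, and stop it by that PID only, after checking that the live command line still contains what was started, so a stale or tampered PID file and a reused PID never cause an unrelated process to be killed. The "dist/index.js" pattern comes from the finding; the function names, the pid-file and log paths, and the `sleep` stand-in used in the demo are assumptions.

```sh
#!/bin/sh
# Added example, not part of the Hummingbot skill.

# Read a process's command line: /proc on Linux, ps elsewhere. Empty if gone.
proc_args() {
  if [ -r "/proc/$1/cmdline" ]; then
    tr '\0' ' ' < "/proc/$1/cmdline"
  else
    ps -p "$1" -o args= 2>/dev/null
  fi
}

# Usage: start_background <pidfile> <logfile> <command...>
# The subshell exits at once, so the service is reparented to init and is not
# left as a child of the start script; its PID is recorded for --stop.
start_background() {
  pidfile=$1; logfile=$2; shift 2
  ( nohup "$@" > "$logfile" 2>&1 < /dev/null &
    echo $! > "$pidfile" )
}

# Usage: stop_from_pidfile <pidfile> <expected-command-substring>
# Returns 0 when the recorded process matched and was terminated. Returns 1,
# and kills nothing, when the file is missing, malformed, stale, or names a
# process whose command line no longer contains the expected string.
stop_from_pidfile() {
  pidfile=$1; pattern=$2
  [ -f "$pidfile" ] || return 1
  pid=$(cat "$pidfile")
  # Only a plain positive integer is acceptable from a file anyone could edit.
  case "$pid" in ''|*[!0-9]*) rm -f "$pidfile"; return 1 ;; esac
  args=$(proc_args "$pid")
  case "$args" in
    *"$pattern"*) ;;
    *) echo "pid $pid is not '$pattern' (${args:-gone}); not killing" >&2
       if [ -z "$args" ]; then rm -f "$pidfile"; fi   # stale: clean up
       return 1 ;;
  esac
  kill "$pid" 2>/dev/null || return 1
  # Wait up to ~3 s for a clean exit, then escalate to SIGKILL.
  i=0
  while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 30 ]; do
    sleep 0.1; i=$((i + 1))
  done
  if kill -0 "$pid" 2>/dev/null; then kill -9 "$pid" 2>/dev/null; fi
  rm -f "$pidfile"
  return 0
}

# Demo (constructed): "sleep 300" stands in for "node dist/index.js".
d=$(mktemp -d)
start_background "$d/gateway.pid" "$d/gateway.log" sleep 300
sleep 0.3
stop_from_pidfile "$d/gateway.pid" "sleep 300" && echo "stopped only the recorded PID"
rm -rf "$d"
```

With the real stack the calls become start_background "$WORKSPACE/gateway.pid" "$GW_LOG" node dist/index.js --dev and stop_from_pidfile "$WORKSPACE/gateway.pid" "dist/index.js"; a second developer's Gateway or an unrelated Node process on the same machine is then never a candidate for the kill.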
