Hummingbot
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Hummingbot, but it deserves review because it can store exchange API keys and deploy/start trading bots that may affect real funds.
Only install this if you intentionally want an agent to manage Hummingbot trading workflows. Use paper trading first, change any default admin/admin Hummingbot API credentials, verify HUMMINGBOT_API_URL points to a trusted API, use restricted exchange keys with withdrawals disabled, and require explicit approval before connecting keys or deploying/starting live bots.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could deploy or start a trading bot that may place orders and lose funds if the wrong config, account, or market is used.
The script directly deploys Hummingbot trading bots through the API, and the reviewed code does not show a confirmation prompt, dry-run check, paper/live environment check, or trading-risk limit before deployment.
```python
result = await c.bots.deploy_v2_controllers(
    name=args.bot_name,
    controllers=[args.controller],
)
```
Require explicit user confirmation before deploy/start actions, clearly distinguish paper trading from live trading, and add visible risk-limit checks such as max allocation, leverage, and allowed connectors.
Exchange API keys may permit trading or other account actions depending on their permissions; entering them through command-line arguments can also expose them through shell history or process listings.
The skill collects and stores exchange API credentials for connected accounts. That is expected for Hummingbot, but it is high-privilege financial account access and is not reflected in the registry credential/env declarations.
```python
parser.add_argument("--api-key", help="API key")
parser.add_argument("--secret-key", help="Secret key")
...
await c.accounts.add_credential(account_name, connector, credentials)
```
Use restricted exchange API keys with withdrawals disabled, prefer the interactive hidden-input mode or a secret manager, verify the Hummingbot API URL before submitting keys, and declare required credentials/config paths in metadata.
A deployed bot may keep operating until explicitly stopped, which can continue trading beyond the user's current request.
The skill includes lifecycle controls for deploying and stopping bots, indicating that bots may continue running after the immediate agent interaction.
```
python scripts/bots.py deploy <bot_name> --controller <config_name>
...
async def cmd_stop(args):
    async with client() as c:
        await c.bots.stop_bot(args.bot_name)
```
Track every bot name the skill starts or deploys, make the running state visible to the user, and require explicit user approval for long-running or live-trading bot operation.
Future versions of the dependency could change behavior, and users have less provenance assurance when installing it manually.
The external dependency is expected for this integration, but the artifact uses an unpinned lower-bound dependency and provides no install spec or lockfile.
```
requires: hummingbot-api-client>=1.2.8
...
`hummingbot-api-client` installed: `pip3 install hummingbot-api-client`
```
Pin the dependency version, provide an install spec or lockfile, and verify the package source before use.
