find-xemm-opps
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The SKILL.md prerequisite instructs running bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/lp-agent/scripts/check_prerequisites.sh), which fetches and directly executes remote code (curl | bash) as a required setup/runtime step.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading utility: it finds cross-exchange market-making (XEMM) opportunities, references maker/taker hedging, mid-price gaps, and requires Hummingbot API plus "exchange connectors configured with API keys" (trading exchange integrations). Although the shown script appears to only analyze order books, its primary and explicit purpose is trading/hedging across exchanges (financial asset execution), and it depends on an API and exchange connectors that are used to place market orders. This meets the criterion for crypto/market-order financial capability.