lp-agent

The lp-agent skill is coherent with its stated purpose of orchestrating automated LP workflows using Hummingbot API and Gateway. However, credential handling weaknesses (default admin/admin, private key prompts/log exposure) create meaningful security risks. The assessment remains suspicious-to-high-risk due to secret management gaps and potential exposure via logs/history, though there is no evidence of malicious payloads or active data exfiltration. Recommended improvements include eliminating default credentials, implementing secure key-entry (non-echoed, ephemeral in-memory handling), and introducing a secrets management layer for API keys and wallet material.