hummingbot-deploy

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware (HIGH)
SKILL.md

SUSPICIOUS: The skill is broadly aligned with its stated Hummingbot deployment purpose and uses verifiable same-org repositories, so this is not confirmed malware. Risk remains medium because it executes unpinned remote scripts, forwards credentials to a fetched installer, and installs another skill, all in service of infrastructure that can later automate trading actions.

Confidence: 84%
Severity: 62%
Audit Metadata
Analyzed At: Mar 18, 2026, 04:49 PM
Package URL: pkg:socket/skills-sh/hummingbot%2Fskills%2Fhummingbot-deploy%2F@29f020d0cf4514af7a6789ff2290e00168548a41