← Back to Skills Marketplace
fengtality

Find Arbitrage Opps

by Michael Feng · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
456
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install find-arbitrage-opps
Description
Find arbitrage opportunities across exchanges by comparing prices for fungible token pairs like BTC/WBTC and USDT/USDC.
README (SKILL.md)

find-arbitrage-opps

Find arbitrage opportunities across all Hummingbot-connected exchanges by comparing prices for a trading pair, accounting for fungible tokens (e.g., BTC = WBTC, USDT = USDC).

Prerequisites

Hummingbot API must be running with exchange connectors configured:

bash \x3C(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/lp-agent/scripts/check_prerequisites.sh)

Workflow

Step 1: Define Token Mappings

User specifies the base and quote tokens, including fungible equivalents:

  • Base tokens: BTC, WBTC, cbBTC (all represent Bitcoin)
  • Quote tokens: USDT, USDC, USD (all represent USD)

Step 2: Find Arbitrage Opportunities

# Basic usage - find BTC/USDT arb opportunities
python scripts/find_arb_opps.py --base BTC --quote USDT

# Include fungible tokens
python scripts/find_arb_opps.py --base BTC,WBTC --quote USDT,USDC

# More examples
python scripts/find_arb_opps.py --base ETH,WETH --quote USDT,USDC,USD
python scripts/find_arb_opps.py --base SOL --quote USDT,USDC --min-spread 0.1

# Filter by specific connectors
python scripts/find_arb_opps.py --base BTC --quote USDT --connectors binance,kraken,coinbase

Step 3: Analyze Results

The script outputs:

  • Prices from each exchange
  • Best bid/ask across all exchanges
  • Arbitrage spread (buy low, sell high)
  • Recommended pairs for arbitrage

Script Options

python scripts/find_arb_opps.py --help
Option Description
--base Base token(s), comma-separated (e.g., BTC,WBTC)
--quote Quote token(s), comma-separated (e.g., USDT,USDC)
--connectors Filter to specific connectors (optional)
--min-spread Minimum spread % to show (default: 0.0)
--json Output as JSON

Output Example

Arbitrage Opportunities: BTC vs USDT
=====================================

Prices Found:
  binance          BTC-USDT     $67,234.50
  kraken           BTC-USD      $67,289.00
  coinbase         BTC-USD      $67,312.25
  okx              BTC-USDT     $67,198.00
  hyperliquid      BTC-USD      $67,245.00

Best Opportunities:
  Buy  okx BTC-USDT @ $67,198.00
  Sell coinbase BTC-USD @ $67,312.25
  Spread: 0.17% ($114.25)

Environment Variables

export HUMMINGBOT_API_URL=http://localhost:8000
export API_USER=admin
export API_PASS=admin

Scripts check for .env in: ./hummingbot-api/.env~/.hummingbot/.env.env

Requirements

  • Hummingbot API running
  • Exchange connectors configured with API keys
Usage Guidance
This skill appears to implement what it claims (queries a local Hummingbot API for prices and finds spreads), but there are red flags you should address before installing or running it: - Do NOT blindly run the suggested `bash <(curl -s https://raw.githubusercontent.com/...)` command. That fetches and executes a remote script; inspect its contents first (view the URL in a browser or curl it to a file and read it). - The registry metadata says no env vars, but the script expects HUMMINGBOT_API_URL, API_USER, API_PASS and that exchange connectors are configured with API keys. Provide only least-privileged credentials and avoid using default admin/admin. - The Python script reads .env files from common Hummingbot locations. Those files can contain secrets; verify which .env will be loaded and ensure it doesn't expose unrelated credentials. - Network scope: the script only contacts the configured HUMMINGBOT_API_URL endpoints (connectors, trading-rules, market-data/prices) and uses HTTP Basic auth. Ensure that HUMMINGBOT_API_URL points to a trusted/local service (e.g., localhost) and that the API user has limited permissions. - If you’re unsure, run the script in an isolated environment/container with no sensitive .env mounted, inspect the script code (already included), and manually perform any prerequisite checks rather than executing remote installers. If you want, I can: (a) fetch and show the contents of the referenced prerequisite script URL for review, (b) summarize the full Python file (it was truncated in input) to confirm there are no hidden exfiltration routines, or (c) suggest a safe run checklist/command set to test the skill in isolation.
Capability Analysis
Type: OpenClaw Skill Name: find-arbitrage-opps Version: 1.0.0 The skill is classified as suspicious primarily due to the `curl | bash` pattern found in the `SKILL.md` file under the 'Prerequisites' section. This command (`bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/lp-agent/scripts/check_prerequisites.sh)`) executes arbitrary code fetched from a remote URL, posing a significant supply chain risk and potential for Remote Code Execution (RCE) if the remote script is compromised. While the Python script `scripts/find_arb_opps.py` itself appears to perform its stated function of finding arbitrage opportunities by interacting with a local Hummingbot API and does not show signs of intentional malice or data exfiltration, the `curl | bash` instruction is a critical vulnerability.
Capability Assessment
Purpose & Capability
The code and SKILL.md match the stated purpose: they query a Hummingbot API for connectors, trading pairs, and prices to surface cross-exchange spreads. However the registry metadata declared no required environment variables/credentials while the SKILL.md and script rely on HUMMINGBOT_API_URL, API_USER, API_PASS and expect exchange API keys configured in Hummingbot. That metadata omission is an inconsistency.
Instruction Scope
SKILL.md instructs you to run a remote script via `bash <(curl -s https://raw.githubusercontent.com/...)` (executes code fetched from the network). The included Python script also reads local .env files (./hummingbot-api/.env, ~/.hummingbot/.env, .env) to load credentials. While reading those .env files is consistent with needing Hummingbot API credentials, instructing remote script execution and reading arbitrary .env locations expand the scope and risk.
Install Mechanism
There is no declared install spec (instruction-only), but SKILL.md explicitly tells users to execute a fetched script from raw.githubusercontent.com. Executing code directly from the network is higher risk and should be audited before running. The skill itself (the Python file) has no build/install steps.
Credentials
The registry claims no required env vars, but both SKILL.md and scripts use HUMMINGBOT_API_URL, API_USER, API_PASS and expect exchange connector API keys configured in Hummingbot. The script will load local .env files (which can contain unrelated secrets). Defaults to admin/admin are insecure. Required secrets are proportionate to the task, but the metadata mismatch and automatic .env loading are concerning.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It only runs as a script/command and uses the Hummingbot API. No elevated platform privileges requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install find-arbitrage-opps
  3. After installation, invoke the skill by name or use /find-arbitrage-opps
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial public release of the find-arbitrage-opps skill. - Find arbitrage opportunities by comparing fungible token pairs (e.g., BTC/WBTC, USDT/USDC) across all Hummingbot-connected exchanges. - Supports filtering by specific exchanges, setting minimum spread, and JSON output. - Outputs best bid/ask prices and recommended arbitrage trades. - Requires Hummingbot API and configured exchange connectors.
Metadata
Slug find-arbitrage-opps
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Find Arbitrage Opps?

Find arbitrage opportunities across exchanges by comparing prices for fungible token pairs like BTC/WBTC and USDT/USDC. It is an AI Agent Skill for Claude Code / OpenClaw, with 456 downloads so far.

How do I install Find Arbitrage Opps?

Run "/install find-arbitrage-opps" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Find Arbitrage Opps free?

Yes, Find Arbitrage Opps is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Find Arbitrage Opps support?

Find Arbitrage Opps is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Find Arbitrage Opps?

It is built and maintained by Michael Feng (@fengtality); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments