aicoin-freqtrade
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads essential software and source code from reputable developer platforms. It fetches the
uvinstaller fromastral.shand clones the officialfreqtraderepository from GitHub to facilitate host-mode deployment. - [REMOTE_CODE_EXECUTION]: The deployment script uses a common pattern to install dependencies by executing a script directly from a remote source. Specifically, it uses
curl | shto install theuvPython manager from its official website. This operation is restricted to trusted developer tools used for the skill's infrastructure. - [COMMAND_EXECUTION]: The skill's control scripts (
ft-deploy.mjs,ft.mjs) execute shell commands to manage the trading daemon. This includes usingsupervisorctlto control the background service,gitfor source code management, and system utilities likepgrepandkillfor process lifecycle control. These actions are necessary for the bot management functionality. - [CREDENTIALS_UNSAFE]: The repository contains default API credentials in
lib/defaults.jsonfor the vendor's market data service. The vendor identifies these as public, rate-limited free-tier keys for initial testing. The skill also features strong instructional safeguards, directing the AI agent to never reveal the user's actual exchange keys or internal daemon passwords during interactions.
Audit Metadata