aicoin-freqtrade

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads essential software and source code from reputable developer platforms. It fetches the uv installer from astral.sh and clones the official freqtrade repository from GitHub to facilitate host-mode deployment.
  • [REMOTE_CODE_EXECUTION]: The deployment script uses a common pattern to install dependencies by executing a script directly from a remote source. Specifically, it uses curl | sh to install the uv Python manager from its official website. This operation is restricted to trusted developer tools used for the skill's infrastructure.
  • [COMMAND_EXECUTION]: The skill's control scripts (ft-deploy.mjs, ft.mjs) execute shell commands to manage the trading daemon. This includes using supervisorctl to control the background service, git for source code management, and system utilities like pgrep and kill for process lifecycle control. These actions are necessary for the bot management functionality.
  • [CREDENTIALS_UNSAFE]: The repository contains default API credentials in lib/defaults.json for the vendor's market data service. The vendor identifies these as public, rate-limited free-tier keys for initial testing. The skill also features strong instructional safeguards, directing the AI agent to never reveal the user's actual exchange keys or internal daemon passwords during interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:05 AM
Security Audit — agent-trust-hub — aicoin-freqtrade