aicoin-freqtrade

Warn

Audited by Socket on May 20, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/ft.mjs

No clear evidence of intentional malware (no backdoor logic, credential theft, data exfiltration, or persistence beyond normal service restart). The main security risk in this module is operational hardening: execSync is used to run shell commands for file replacement (mv) and daemon restart (supervisorctl) using values derived from environment/container context. If an attacker can influence those environment-derived strings, command injection becomes plausible. Otherwise, the behavior aligns with a legitimate trading-daemon control CLI; ensure strong access control and parameter validation upstream for strategy/pairs/dry_run and any trading-force endpoints.

Confidence: 66%Severity: 52%
Audit Metadata
Analyzed At
May 20, 2026, 04:07 AM
Package URL
pkg:socket/skills-sh/aicoincom%2Fcoinos-skills%2Faicoin-freqtrade%2F@6589106ccb80397ac1db24ebaf2c71f654d92a0e
Security Audit — socket — aicoin-freqtrade