portfolio-syncing
Warn
Audited by Socket on Jun 27, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core workflow is mostly coherent for portfolio import/sync, and the sheet-write safeguards are proportionate. The main risk is credential forwarding and data retrieval through an external SnapTrade CLI with only partially verified provenance, which raises medium supply-chain and credential-handling concerns but is not enough to call malicious.
Confidence: 81%Severity: 52%
Audit Metadata