alpaca-mcp-server-trading

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configures the environment to download and run the alpaca-mcp-server package via the uvx tool. This is a standard deployment method for MCP servers using official packages.
  • [CREDENTIALS_UNSAFE]: API keys are managed through environment variables (ALPACA_API_KEY, ALPACA_SECRET_KEY). This follows security best practices for credential management in AI agent environments, avoiding hardcoded secrets.
  • [COMMAND_EXECUTION]: Provides standard configuration blocks for various MCP clients (Claude Desktop, Cursor, VS Code) that involve executing the uvx command to start the trading server.
  • [REMOTE_CODE_EXECUTION]: No suspicious remote script execution patterns (e.g., piped bash scripts) were found. The skill references official repositories and standard package managers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 11:22 PM