alpaca-trading-mcp

Fail

Audited by Snyk on May 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most links point to legitimate Alpaca and MCP documentation/portal domains (low risk), but the explicit instruction to curl and pipe a remote shell script (https://astral.sh/uv/install.sh) is a high‑risk pattern — running unreviewed remote .sh installers can distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly exposes the agent to third-party news/articles via the Alpaca "News & Corporate Actions" features (tools get_news / get_crypto_news) which fetch public news content that the assistant is expected to read and could materially influence trading actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's installation step runs a remote installer via curl -LsSf https://astral.sh/uv/install.sh | sh, which fetches and directly executes remote code and is required for the skill to run.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Alpaca with direct tools for placing and managing financial transactions. It documents specific trading operations (place market/limit/stop/trailing-stop orders), options trading (search contracts, post_orders for options including multi-leg orders), portfolio and position management (get_positions, delete_positions_by_symbol_or_asset_id to close positions), batch order placement, and an explicit env var to switch from paper to live trading (ALPACA_PAPER_TRADE=false). Tool names like post_orders, delete_positions_by_symbol_or_asset_id, and account credential requirements (ALPACA_API_KEY / ALPACA_SECRET_KEY) show this skill is purpose-built to execute trades and move financial assets, not a generic interface. Therefore it grants Direct Financial Execution Authority.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 17, 2026, 10:50 PM
Issues: 4