wind-alice
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
node:child_process.spawninscripts/wind-alice.mjsto execute the core request logic inscripts/request.js. This ensures robust handling of process termination and output streaming in various terminal environments.- [EXTERNAL_DOWNLOADS]: The skill makes authenticated network requests toalice.wind.com.cnusing the nativefetchAPI. This is required for its primary function of retrieving real-time financial data and analysis from the Alice Agent service.- [CREDENTIALS_UNSAFE]: API keys are handled using standard security practices for command-line interfaces. The code searches for theWIND_API_KEYin environment variables, a localconfig.jsonfile, or a global configuration file in the user's home directory (~/.wind-aimarket/config). No credentials are hardcoded.- [DATA_EXFILTRATION]: User prompts are sent to the official Wind Alice API endpoint. This communication is the intended purpose of the skill and does not involve the unauthorized transmission of local files or sensitive system information.
Audit Metadata