openalgo
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill incorporates robust safety features, including an 'analyzer' mode that allows users to test strategies in a simulated environment before executing real trades. It also explicitly instructs the agent to seek user confirmation for live orders.
- [EXTERNAL_DOWNLOADS]: The skill depends on standard and well-regarded Python libraries for financial engineering and data processing, such as
openalgo,vectorbt,TA-Lib, andduckdb. These dependencies are sourced from official repositories. - [CREDENTIALS_UNSAFE]: Secret management follows best practices by utilizing
.envfiles and environment variables. The skill's own documentation includes rules for the agent to reject any code containing hardcoded API keys. - [DATA_EXFILTRATION]: Outbound communications via Telegram and WhatsApp are implemented as a core feature for user-defined strategy alerts. These channels are configured by the user and do not show signs of unauthorized data harvesting.
- [COMMAND_EXECUTION]: Shell command execution is limited to legitimate setup operations (e.g., pip installation) and script execution for trading logic. No instances of privilege escalation or arbitrary command injection were found.
Audit Metadata