pp-robinhood
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `robinhood-pp-cli` tool using `npx` or `go install`, which fetches code from the vendor's (mvanhorn) verified repositories on npm and GitHub.
- [REMOTE_CODE_EXECUTION]: Installation of the CLI involves downloading and running setup scripts. This is a standard and documented process for the tool's deployment.
- [COMMAND_EXECUTION]: The skill operates by executing commands through the `robinhood-pp-cli` binary. It implements a security model requiring explicit flags (`--live-write`) and environment variables (`ROBINHOOD_PP_ALLOW_WRITES=1`) for any state-changing operations like placing trades.
- [DATA_EXFILTRATION]: The CLI tool includes a feature to deliver output to a webhook (`--deliver webhook:<url>`). While this enables external data transmission, it is presented as a legitimate integration feature for routing command results.
Audit Metadata