pp-robinhood

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the robinhood-pp-cli tool using npx or go install, which fetches code from the vendor's (mvanhorn) verified repositories on npm and GitHub.
  • [REMOTE_CODE_EXECUTION]: Installation of the CLI involves downloading and running setup scripts. This is a standard and documented process for the tool's deployment.
  • [COMMAND_EXECUTION]: The skill operates by executing commands through the robinhood-pp-cli binary. It implements a security model requiring explicit flags (--live-write) and environment variables (ROBINHOOD_PP_ALLOW_WRITES=1) for any state-changing operations like placing trades.
  • [DATA_EXFILTRATION]: The CLI tool includes a feature to deliver output to a webhook (--deliver webhook:<url>). While this enables external data transmission, it is presented as a legitimate integration feature for routing command results.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 03:50 AM