trader-signal
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill attempts to install the
neural-traderpackage from the NPM registry if it is not already available. It utilizes the--ignore-scriptsflag, which is a positive security measure to prevent the execution of potentially malicious lifecycle scripts during installation; however, the package remains an external dependency from a source that is not pre-vetted. - [COMMAND_EXECUTION]: The skill uses
npxto run theneural-traderengine with user-supplied ticker symbols and strategy names. This involves executing third-party logic within the local environment to perform data scanning and anomaly detection.
Audit Metadata