Skills
skills/ruvnet/ruflo/trader-train/Socket

trader-train

Warn

Audited by Socket on May 7, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it relies on unpinned runtime installation and execution of a third-party npm trading CLI, which creates medium supply-chain risk. No clear credential harvesting, exfiltration, or direct trading automation is shown, so this is not confirmed malware.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
May 7, 2026, 03:19 PM
Package URL
pkg:socket/skills-sh/ruvnet%2Fruflo%2Ftrader-train%2F@57ab98e5243c0762be5790fe45753cb2405005bf
Security Audit — socket — trader-train