alpaca

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an Alpaca brokerage integration for US equities/ETFs with commands to place and cancel orders, view account/positions, and requires live API keys. It exposes direct market-order and limit-order capabilities (e.g., "place --symbol AAPL --side buy --qty 1 --type market"), separate live vs paper keys, and a live-execution guard (--confirm-live) — all of which indicate the skill can execute real financial transactions via the Alpaca API. This is a purpose-built financial execution tool (market orders/brokerage API), not a generic interface, so it grants direct financial execution authority.

Issues (1)

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 18, 2026, 09:26 PM
Issues: 1