alpaca
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly an Alpaca brokerage integration for US equities/ETFs with commands to place and cancel orders, view account/positions, and requires live API keys. It exposes direct market-order and limit-order capabilities (e.g., "place --symbol AAPL --side buy --qty 1 --type market"), separate live vs paper keys, and a live-execution guard (--confirm-live) — all of which indicate the skill can execute real financial transactions via the Alpaca API. This is a purpose-built financial execution tool (market orders/brokerage API), not a generic interface, so it grants direct financial execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata