alpaca
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
BENIGN with elevated operational risk. The skill is internally consistent: it uses Alpaca's official SDK, official API hosts, and proportionate brokerage credentials for the stated trading purpose. The main security concern is not malware or credential theft but the ability to trigger real financial actions, especially live order placement; the missing script prevents full verification of runtime safeguards.
Confidence: 88%Severity: 62%
Audit Metadata