alpaca

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

BENIGN with elevated operational risk. The skill is internally consistent: it uses Alpaca's official SDK, official API hosts, and proportionate brokerage credentials for the stated trading purpose. The main security concern is not malware or credential theft but the ability to trigger real financial actions, especially live order placement; the missing script prevents full verification of runtime safeguards.

Confidence: 88%Severity: 62%
Audit Metadata
Analyzed At
Jun 18, 2026, 09:27 PM
Package URL
pkg:socket/skills-sh/starchild-ai-agent%2Fofficial-skills%2Falpaca%2F@8c2d4ec5ee513d0481fda224327cb00575f79909d4d7bbca026be39555753731
Security Audit — socket — alpaca