alpaca-trading

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs child_process.execSync in aggressive-strategy.js to coordinate tasks by calling the local trading.js utility script.
  • [EXTERNAL_DOWNLOADS]: The scripts perform network operations to Alpaca's established API domains (paper-api.alpaca.markets, api.alpaca.markets, and data.alpaca.markets) for the purpose of retrieving market data and managing financial orders.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys and secrets by loading them from environment variables or user-specific JSON files within a credentials/ directory, which is a standard approach for local trading applications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — alpaca-trading