alpaca-trading
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs
child_process.execSyncinaggressive-strategy.jsto coordinate tasks by calling the localtrading.jsutility script. - [EXTERNAL_DOWNLOADS]: The scripts perform network operations to Alpaca's established API domains (
paper-api.alpaca.markets,api.alpaca.markets, anddata.alpaca.markets) for the purpose of retrieving market data and managing financial orders. - [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys and secrets by loading them from environment variables or user-specific JSON files within a
credentials/directory, which is a standard approach for local trading applications.
Audit Metadata