algo-trading
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious intent were identified in the skill instructions or code snippets.
- [EXTERNAL_DOWNLOADS]: The skill interacts with well-known financial data services such as Alpha Vantage, Yahoo Finance, and Alpaca Markets to perform its core functions of market data retrieval and trade execution.
- [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage sensitive API keys via environment variables (e.g., $SERVICE_API_KEY, $ALPACA_KEY), which is the recommended practice for preventing credential exposure.
- [COMMAND_EXECUTION]: The CLI commands defined in the skill (e.g.,
openclaw algo-trading run) are restricted to financial analysis and do not allow for arbitrary system command injection. - [SAFE]: The skill ingests external data from financial APIs and CSV files (e.g.,
historical.csv). While this constitutes a data ingestion surface, the processing is limited to quantitative modeling and does not include vulnerable interpolation of untrusted text into system prompts.
Audit Metadata