quick-stats

Fail

Audited by Socket on Mar 6, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The code specification describes a legitimate, standard analytics utility (EMA 10/20 backtest) and contains no explicit malicious logic in itself. The main security concerns are supply-chain and execution risks: installing TA-Lib/native dependencies and fetching market data from a third party (OpenAlgo) create download-and-execute and data-leak vectors if users blindly run install commands or trust unverified services. Recommendations: do not auto-run shell install commands; install native dependencies from verified package sources in isolated environments (virtualenv/conda containers); validate OpenAlgo endpoints and consider using institutional APIs if confidentiality is required; avoid pasting credentials into shared environments. Overall, code-level malware is unlikely, but operational risks are moderate.

Confidence: 98%
Audit Metadata
Analyzed At: Mar 6, 2026, 05:41 AM
Package URL: pkg:socket/skills-sh/marketcalls%2Fvectorbt-backtesting-skills%2Fquick-stats%2F@a71dadb69a312153a21c4dcea34a396ea56126af