Skills
skills/marketcalls/vectorbt-backtesting-skills/setup/Gen Agent Trust Hub

setup

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]:
  • The skill utilizes sudo to acquire administrative privileges on Linux systems for updating package lists and installing the TA-Lib C library.
  • [EXTERNAL_DOWNLOADS]:
  • The skill downloads the TA-Lib source code via unencrypted HTTP from SourceForge (http://prdownloads.sourceforge.net/ta-lib/ta-lib-0.4.0-src.tar.gz).
  • It directs users to download and install pre-compiled Windows wheels from a third-party GitHub repository (cgohlke/talib-build) which is not an official vendor source.
  • [REMOTE_CODE_EXECUTION]:
  • On Linux systems, the skill downloads, extracts, and compiles C source code from a remote URL (./configure, make, sudo make install). This execution pattern can lead to system compromise if the remote source or the transit path is untrusted.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 08:51 AM