trading-operations

[Skill Scanner] Outbound data post or form upload via curl/wget detected All findings: [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] The fragment is a coherent, purpose-aligned operations guide for managing OpenAlgo-based trading servers across two brokers. It describes startup, health checks, deployment, monitoring, and emergency controls using internal/local endpoints and scripts. No malicious behavior is evident; the risk arises from potential misuse if local endpoints are exposed or misconfigured, rather than from the document’s stated purpose. Recommendation: treat as BENIGN with MEDIUM operational risk if endpoints are exposed; ensure proper access control and auditing for local API endpoints and maintain least-privilege in script execution. LLM verification: This SKILL.md is an operational runbook for managing a local OpenAlgo trading deployment. It does not contain obvious malware or supply-chain downloads; its curl/post patterns target localhost endpoints and local scripts, which is consistent with its stated purpose. The key risks are operational: the document contains commands that perform real-world financial actions (deploy strategies, enable/disable, flatten positions, kill the server). If an AI agent or automated process executes these comma