ranger-finance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The documentation suggests cloning a repository from GitHub (
ranger-finance/ranger-agent-kit) and installing Python/Node packages. While the organization is not on the predefined 'Trusted' list, these are standard instructions for an integration kit. - CREDENTIALS_UNSAFE (SAFE): The skill documentation correctly advises using environment variables for sensitive data like API keys and private keys rather than hardcoding them. Placeholders are used in examples.
- COMMAND_EXECUTION (LOW): The setup guide involves running a local server (
python -m ranger_mcp), which is the standard implementation for Model Context Protocol (MCP) servers. - PROMPT_INJECTION (LOW): The conversational agent examples process user input which creates a standard injection surface; however, the documentation mitigates this by instructing the agent to 'Always confirm before executing trades'.
Audit Metadata