kestrel-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/kestrel_config.py utilizes subprocess.run to invoke the mcporter CLI tool. This is a legitimate part of the skill's functionality, used to interact with the trading runtime. The command is executed using a list of arguments rather than a shell string, which mitigates shell injection risks.
- [SAFE]: The implementation features a 'dynamic daily cap' circuit breaker in scripts/kestrel-scanner.py that scales trading activity based on account P&L, demonstrating a security-first design for automated trading.
- [SAFE]: The skill manages its own persistent state (cooldowns and trade counters) using local JSON files in a dedicated state directory, which is a standard and safe practice for this type of agent skill.
- [SAFE]: All external data retrieval and trade execution are conducted through the authorized mcporter interface. There is no evidence of data exfiltration, hardcoded credentials, or unauthorized network activity.
Audit Metadata