Trust Assessment
alpaca-trading received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Direct Financial Transaction Capability via `apcacli`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Financial Transaction Capability via `apcacli` The skill enables the AI agent to execute real-world financial transactions (buy/sell stocks, manage portfolios) through the `apcacli` command-line tool. This grants direct access to sensitive financial operations, which carries inherent high risk. While the skill emphasizes safety and recommends paper trading, the capability itself is highly privileged and can lead to significant financial loss if misused, compromised, or if the agent misinterprets user intent. Implement robust user confirmation and authorization mechanisms before executing any `apcacli` commands. Ensure strict input validation and sanitization to prevent command injection. Consider implementing a 'dry run' or 'paper trading' mode as a default for all transactions, requiring explicit user override for live trading. Restrict access to this skill to authorized users only. Implement rate limiting and spending limits. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/6f795dfc163a0396)
Powered by SkillShield