Security Audit

vamzi/alpaca-skill:root

github.com/vamzi/alpaca-skill

AI SkillCommit 1a160338f809

TRUSTED

Scanned 12 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

vamzi/alpaca-skill:root received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Financial Safety Bypass Mechanism, Insecure Credential Storage.

The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 8, 2026 (commit 1a160338). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Financial Safety Bypass Mechanism The skill explicitly documents and exposes a `--force` flag in the `order` command that bypasses all confirmation prompts for financial trades. This allows an AI agent to execute real-money transactions immediately without human-in-the-loop verification. If the agent is manipulated via prompt injection or hallucinates, this could lead to irreversible financial loss. Remove the `--force` flag to enforce mandatory human confirmation for all financial actions. Ensure the agent runtime intercepts and requires approval for trade execution.	Unknown	SKILL.md:65
MEDIUM	Insecure Credential Storage The script includes logic to read API credentials from a plaintext JSON file (`~/.openclaw/credentials/alpaca.json`) in the user's home directory. Storing secrets in the filesystem accessible to the agent increases the risk of credential harvesting if the agent is compromised or tricked into reading the file. Remove the file-based credential loading fallback. Rely exclusively on environment variables injected securely by the agent runtime.	Unknown	scripts/alpaca_cli.py:83

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/db392fc220b5fda5.svg)](https://skillshield.io/report/db392fc220b5fda5)