SkillTotal

Is TauricResearch/TradingAgents safe?

tradingagents is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 4 risky constructs are reported for review. Detected capabilities: filesystem read, filesystem write, MCP tools and network egress. Capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).

tradingagents 0.3.0

python_package · https://github.com/TauricResearch/TradingAgents
LOW · 0 / 100 risk score
Snapshot · scanned Jul 2, 2026 · tradingagents@0.3.0 · engine 0.24.0 / ruleset 25
No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Python network egress
  • Python filesystem read
  • Python filesystem write/delete

No malicious indicators found by static analysis.

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of TauricResearch/TradingAgents's authors.

Capabilities — what this component can do (not a risk score):
  • filesystem read
  • filesystem write
  • mcp tools detected
  • network egress

Findings (4)

MEDIUM · Python filesystem read · ST-FS-PY-READ

The component reads files from disk.

with open(Path(__file__).parent / "static" / "welcome.txt", encoding="utf-8") as f:
raw = self._log_path.read_text(encoding="utf-8")
text = self._log_path.read_text(encoding="utf-8")
text = self._log_path.read_text(encoding="utf-8")
text = self._log_path.read_text(encoding="utf-8")

Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.

Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.

MEDIUM · Python filesystem write/delete · ST-FS-PY-WRITE

The component writes or deletes files on disk.

with open(log_file, "a", encoding="utf-8") as f:
with open(log_file, "a", encoding="utf-8") as f:
with open(report_dir / file_name, "w", encoding="utf-8") as f:
with open(self._log_path, "a", encoding="utf-8") as f:
tmp_path.write_text(new_text, encoding="utf-8")
tmp_path.write_text(new_text, encoding="utf-8")
with open(log_path, "w", encoding="utf-8") as f:
(analysts_dir / "market.md").write_text(final_state["market_report"], encoding="utf-8")
(analysts_dir / "sentiment.md").write_text(final_state["sentiment_report"], encoding="utf-8")
(analysts_dir / "news.md").write_text(final_state["news_report"], encoding="utf-8")
(analysts_dir / "fundamentals.md").write_text(final_state["fundamentals_report"], encoding="utf-8")
(research_dir / "bull.md").write_text(debate["bull_history"], encoding="utf-8")
(research_dir / "bear.md").write_text(debate["bear_history"], encoding="utf-8")
(research_dir / "manager.md").write_text(debate["judge_decision"], encoding="utf-8")
(trading_dir / "trader.md").write_text(final_state["trader_investment_plan"], encoding="utf-8")
(risk_dir / "aggressive.md").write_text(risk["aggressive_history"], encoding="utf-8")
(risk_dir / "conservative.md").write_text(risk["conservative_history"], encoding="utf-8")
(risk_dir / "neutral.md").write_text(risk["neutral_history"], encoding="utf-8")
(portfolio_dir / "decision.md").write_text(risk["judge_decision"], encoding="utf-8")
(save_path / "complete_report.md").write_text(header + "\n\n".join(sections), encoding="utf-8")

Why it matters: Usually legitimate, but worth confirming the paths can't be controlled by untrusted input.

Fix: Confirm which files are written/deleted and that paths cannot be influenced by untrusted input.

MEDIUM · Python network egress · ST-NET-PY

The component makes outbound network requests.

response = requests.get(endpoint, timeout=timeout)
resp = requests.get("https://openrouter.ai/api/v1/models", timeout=10)
response = requests.get(API_BASE_URL, params=api_params, timeout=REQUEST_TIMEOUT)
response = requests.get(
        f"{FRED_API_BASE}/{path}", params=api_params, timeout=REQUEST_TIMEOUT
    )
response = requests.get(
        f"{GAMMA_BASE}/{path}", params=params, timeout=REQUEST_TIMEOUT
    )

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution.