Trade Audit

This skill is broadly consistent with its description, but take these precautions before installing or using it: - Review and fix the code bug: analyze.py contains an undefined name ('normal') in normalize_packet which will likely raise an exception; ask the author for a corrected release or patch before relying on it. - Audit data sent to Apus: the script posts whatever is in the prepared bundle to https://hb.apus.network; ensure you never include private keys, wallet seeds, or any confidential PII in prepared bundles. The SKILL.md recommends stripping extraneous text, but that is a manual step — consider adding explicit sanitization or local vetting. - Verify the Apus endpoint and attestation claims: confirm the endpoint, attestation format, and expected guarantees (hardware TEE attestation, integrity proofs) independently. Hard-coded endpoints are harder to rotate; you may prefer an environment-variable override so you can point to a test or internal endpoint. - Be aware of local logs: runs append records to ~/.trade-audit/audit.jsonl which may contain sensitive decision material; decide whether to encrypt, rotate, or disable logging. - Test in an isolated environment: run the script with non-sensitive sample bundles to see behavior and confirm output formatting and exit codes (gate mode) before integrating into any automated trading workflow. If you want, I can: (1) point out exact lines to patch for the undefined-variable bug; (2) produce a hardened variant that prompts for explicit approval before sending bundles externally and optionally redacts sensitive fields; or (3) draft a short checklist for safe operational use (logging policy, bundle sanitization, endpoint verification).