← All posts
BLOG · AGENT ECONOMY

Self-custody trading software: your agent, your broker, your keys

Where your broker API keys live decides who can act on your account. A plain comparison of hosted platforms and software that runs on your own machine.

Blog · 6 min read · July 2026

Self-custody has a crisp meaning in crypto: hold your own keys, and no exchange failure can touch your coins. The same idea applies to trading software, though almost nobody says it out loud. When you connect a tool to your brokerage account, the most important question is not what the tool does. It is where your credentials live, and who can act on your account when you are not looking.

Since Robinhood launched agentic trading in May 2026, a growing number of tools want to sit between you and your broker. Some are hosted platforms: you paste broker API keys into a website, their servers store them, and their servers place your trades. Others are local software, the pattern we have called agent-native software: you install it, and the credentials never leave your machine. The two designs look identical in a product demo. They are very different in what can go wrong.

Custody of keys is custody of permission

A broker API key with trade permission is not like a password to a news site. It is standing authority to move your money. Whoever holds it can open and close positions in your account, within whatever scope the broker grants, without asking you each time. That is the whole point of the key, and it is also the whole risk.

So the self-custody question for trading tools is simple: after setup, who physically possesses that authority? If the answer is a company's server, you have delegated custody. If the answer is a process on your own machine, you have kept it. Neither answer is automatically wrong. People delegate custody to institutions every day, and hosted platforms offer real conveniences: no installation, managed uptime, someone to email when things break. But delegation should be a decision you make with the trade-offs in view, not a default you fall into because the signup flow was smooth.

What you hand a hosted platform

When a hosted platform asks for your broker keys, you are trusting more than its intentions. You are trusting its database security, every employee and contractor with production access, every vendor in its stack, and its ability to keep existing as a business. Most platforms are run by careful people, and their marketing usually says so. The problem is structural, not moral: a server that stores trade-permission credentials for thousands of accounts is a concentrated target in a way your laptop never will be.

The threat model, stated plainly

Three failure modes cover most of what matters.

Server breach. A database of broker credentials with trade permission is one of the most valuable things a small company can accidentally build. If it leaks, the damage is not a password reset. An attacker can act inside victim accounts, and even keys scoped to read-only expose positions, balances, and identity. The breach does not have to happen at the platform itself; a compromised dependency or vendor can be the way in.

Platform bankruptcy. Most trading tools are small businesses, and small businesses fail routinely. When a hosted platform winds down, two bad things can happen at once. Your automation stops, possibly while you hold positions it was managing. And the credential database becomes an asset in a shutdown: sold, migrated, or left on a server nobody is patching anymore. Local software fails differently. If the vendor disappears, the copy on your machine keeps working exactly as it did the day before.

Silent permission creep. You review permissions once, at signup, when you are motivated to get started. Then the product ships new features, the terms update, and the scope you granted quietly covers more than it used to. A platform that already holds your key is positioned to act on your account without a fresh grant. None of this requires bad intent. It only requires that the path of least resistance points toward more access, which it always does.

Self-custody moves risk, it does not erase it. Running keys locally removes the platform as a failure point, but it makes you the operator: your machine's hygiene, your revocation discipline, your logs. And no custody model touches market risk. Software that trades can lose money wherever the keys live.

Five questions before you paste keys anywhere

Whatever tool you are evaluating, hosted or local, ours or anyone else's, get plain answers to these before your broker credentials go in.

  • Where does the key live after setup? On your machine, or in the vendor's database? If the answer is vague, treat it as the vendor's database.
  • What scope does it carry? Read-only, trade, or transfer? A tool that only needs market data should never hold trade permission, and nothing you install for trading should ever hold withdrawal rights.
  • Can you audit every action it takes? You want an order trail on your own side, checked against the broker's records, not just a dashboard the vendor renders for you.
  • How fast can you revoke? Know the exact steps to kill the key at the broker before you need them, and confirm revocation actually works.
  • Does it start armed? Software that can trade the moment it installs has made a decision on your behalf. The safer pattern is disarmed by default, with arming as a deliberate human step.

These questions overlap with the ones worth asking about any automated trading pitch; the longer list is in AI trading scam red flags.

How Coil answers them

Coil (coil.trade) is built as local software on purpose, and since this is our blog, apply the checklist to us skeptically. Coil is a one-time purchase you download and run yourself: a scanner that scores S&P 500, Nasdaq-100, and Macro-book names on leadership and entry quality, a dashboard, and a long-only engine that trades the published scores by rule. It runs inside your own AI agent, built for Claude Code, and reaches your broker through Robinhood's MCP connection, the open Model Context Protocol standard covered in MCP explained for traders. Your credentials stay on your machine. There is no Coil server that could store your keys even if we wanted one to exist. And it ships disarmed: out of the box it will not place a trade, and arming it is a step only you can take. The mechanics and the research behind the ranking are laid out at /how-it-works, and the setup path is in the AI agent plus Robinhood guide.

Local custody does not make Coil profitable, and it does not make any tool profitable. It just means that the list of parties who can act on your account has exactly one name on it: yours.

FAQ

Does keeping broker keys local make trading safer?

It makes credential handling safer by removing the hosted platform as a breach and bankruptcy risk. It does nothing to market risk. A locally run strategy can still lose money, and self-custody also means you own operational security: your machine, your revocation process, your logs.

What if I already gave a platform my broker keys?

Rotate or revoke the key from your broker's settings, then reconnect only the tools you still use, with the narrowest scope offered. Check your broker's order history against what you expected the tool to do. Revoking at the broker is the reliable path; deleting your account on the platform may not destroy the credential.

Where do my credentials live when Coil runs?

On your machine. Coil is software you buy once, download, and run inside your own agent against your own broker connection. It has no server-side component that stores accounts or keys, and it ships disarmed, so it cannot trade until you deliberately arm it.

Keys on your machine, by design

Coil installs on your computer, runs inside your own agent, and talks to your own broker connection. It ships disarmed, and arming it is a step only you can take.

See how Coil works — $29 once

Coil is software you install and run yourself, with your own brokerage credentials and capital. It is not investment advice, not a managed account, and not a signal service. Markets can lose money, and leveraged ETFs can lose value rapidly, including total loss. Backtested research is not a promise of returns.