badger-strategy
Fail
Audited by Snyk on Jun 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These URLs point to a user/organization GitHub repo and raw.githubusercontent links plus a project-hosted domain (senpi.ai); although the content looks like a legitimate project, the README explicitly instructs fetching raw script files and running them — downloading and executing code directly from an unverified GitHub/user-hosted source (and from personal domains) is a high-risk vector for malware distribution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a purpose-built trading strategy for crypto assets (BTC, ETH, SOL, HYPE) and explicitly describes execution behavior: "Producer enters", "taker-fallback entries (a breakout entry must fill — maker-only risks CREATE_ORDER_RESTING)", and DSL phase settings that govern position sizing, stop/loss, and exit ladders. Those elements indicate the skill is designed to submit and manage market orders/positions (market order creation and lifecycle), i.e., direct market execution for crypto trading. This meets the "Market Orders / Crypto" criteria for Direct Financial Execution.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata