badger-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These URLs point to a user/organization GitHub repo and raw.githubusercontent links plus a project-hosted domain (senpi.ai); although the content looks like a legitimate project, the README explicitly instructs fetching raw script files and running them — downloading and executing code directly from an unverified GitHub/user-hosted source (and from personal domains) is a high-risk vector for malware distribution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a purpose-built trading strategy for crypto assets (BTC, ETH, SOL, HYPE) and explicitly describes execution behavior: "Producer enters", "taker-fallback entries (a breakout entry must fill — maker-only risks CREATE_ORDER_RESTING)", and DSL phase settings that govern position sizing, stop/loss, and exit ladders. Those elements indicate the skill is designed to submit and manage market orders/positions (market order creation and lifecycle), i.e., direct market execution for crypto trading. This meets the "Market Orders / Crypto" criteria for Direct Financial Execution.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — badger-strategy