beaver-strategy

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). At runtime the producer calls outsider-authored public data via MCP tools market_get_asset_data (candles from external market data sources) and leaderboard_get_markets (Smart-Money leaderboard), then passes the resulting values into the LLM-gated beaver_entry action as {{signal_beaver_signals}} context.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading strategy for BTC and details runtime actions that open and manage market positions. It describes the LLM-gated beaver_entry action that "opens via FEE_OPTIMIZED_LIMIT", references position-management calls (create_position, close_position, edit_position, ratchet_stop_*) and describes order execution parameters (ensure_execution_as_taker). These are direct market-order/position-management capabilities for crypto trading, so it provides direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — beaver-strategy