caracal-strategy
Audited by Socket on Jun 28, 2026
2 alerts found:
AnomalySecurityNo concrete malware behavior is visible in this fragment because it contains deployment instructions rather than the strategy implementation. However, it establishes a high-impact supply-chain risk pattern: executable strategy code and runtime components are fetched and installed from public GitHub sources at install time without shown integrity/provenance pinning, then executed as persistent background daemons with an auth token provided via environment variables. To validate safety, the fetched caracal-producer.py, runtime YAMLs, and the installed runtime helpers must be reviewed for network exfiltration, credential misuse, notification abuse (Telegram), obfuscated execution, and any logic that could act beyond the intended trading behavior. As-is, the security posture should be treated as elevated until integrity controls (pin commits, verify hashes/signatures) and runtime behavior checks are in place.