chameleon-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These point to a GitHub repo + raw.githubusercontent URLs that deliver plain scripts which the instructions ask you to download and run — a common and potentially dangerous malware vector unless the Senpi-ai project and its authors are verified and you audit the code; senpi.ai is an associated domain but appears unverified here.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading strategy that opens and manages market positions. It describes entry/exit rules, references order behavior ("taker-fallback entry", "maker-only risks CREATE_ORDER_RESTING", "producer enters. DSL exits"), and calls for market data and market/leaderboard APIs for trading legs (ETH/BTC, SOL/ETH). This is a purpose-built tool to place buy/sell orders on crypto assets (market orders/position management), so it grants direct financial execution capability.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — chameleon-strategy