condor-strategy

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installation process fetches its own core scripts, including the producer daemon and configuration utilities, from the vendor's official GitHub repository (Senpi-ai/senpi-skills). This is a standard deployment method for this vendor's tools.
  • [COMMAND_EXECUTION]: The skill operates a long-lived Python daemon (condor-producer.py) that executes market analysis and interacts with the trading runtime. It utilizes established toolchains (OpenClaw/Senpi) to perform financial operations on the Hyperliquid exchange.
  • [DATA_EXFILTRATION]: Network activity is limited to reaching Hyperliquid for market data and the vendor's own MCP (Model Context Protocol) endpoints for signal processing. No data is sent to unauthorized or unknown third-party domains.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive information such as the SENPI_AUTH_TOKEN and wallet addresses through environment variables and local JSON configuration files. No hardcoded credentials or secrets were found in the source code; the implementation uses standard security practices for managing authentication tokens.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted market data (prices, volumes, and leaderboard stats) via API calls. However, the data is strictly parsed into structured numeric and boolean formats by the Python producer before being interpolated into LLM prompts. This strict sanitization layer prevents external market data from influencing the agent's behavior beyond the intended trading logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:27 PM
Security Audit — agent-trust-hub — condor-strategy