cougar-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These URLs point to an unvetted GitHub organization plus direct raw.githubusercontent download links (used by the README to curl-and-save/execute scripts) and a private API domain for runtime calls — downloading and running code directly from raw GitHub (or personal domains) without verifying authorship/signatures is a common malware delivery pattern, so treat this source as potentially high risk until the repo and domain are validated.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading agent for tokenized US equities on Hyperliquid and includes clear, specific execution capabilities: wallet environment variables (COUGAR_LONG_WALLET / COUGAR_SHORT_WALLET), cross‑margined wallet handling, and named execution functions/operations (create_position, close_position, edit_position, cancel_order, strategy_close, ratchet_stop_*). These are concrete trading/transaction primitives (placing and managing market positions/orders and using wallets on a trading venue), not generic tooling. That is direct financial execution authority.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — cougar-strategy