cub-strategy

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading/fund execution system: it manages wallets, routes assets to DEXs, sizes and emits market/execution orders, and references operational functions like create_position, close_position, edit_position, cancel_order, and strategy_close*. It describes margin, leverage, per-position sizing, order types (FEE_OPTIMIZED_LIMIT with taker fallback), and a producer daemon that emits entries — all explicit mechanisms to buy/sell and move capital. (The README's "READ-ONLY" constraint for conversational sessions does not change that the skill is specifically designed to execute financial transactions.)

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 08:48 PM
Issues
1
Security Audit — snyk — cub-strategy