eel-strategy

Warn

Audited by Socket on Jun 28, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
SKILL.md
AnomalyLOW
README.md

No direct malicious code or explicit exfiltration behavior is demonstrated in this fragment because it mainly documents installation and daemon startup. The primary risk is supply-chain execution: it downloads and runs unpinned remote scripts and installs an external runtime via npx, then runs long-lived daemons with a sensitive SENPI_AUTH_TOKEN in their environment. Without integrity verification/pinning and without reviewing the unseen Python/runtime implementations, malware presence cannot be ruled out; security posture warrants pinning versions, verifying signatures/checksums, and auditing the fetched modules for token handling and outbound communications (including any Telegram logic).

Confidence: 62%Severity: 62%
Audit Metadata
Analyzed At
Jun 28, 2026, 08:49 PM
Package URL
pkg:socket/skills-sh/senpi-ai%2Fsenpi-skills%2Feel-strategy%2F@94c003bafcf91008d20fb801b76df8213ada45711dc45aa63e16d4a77a1c9350
Security Audit — socket — eel-strategy