egret-strategy

Warn

Audited by Socket on Jun 28, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
SKILL.md
AnomalyLOW
README.md

No direct malicious code is shown in the provided fragment because it is documentation and deployment orchestration, not the executable producer implementation. The primary security issue that can be asserted from this content is supply-chain integrity: it downloads executable scripts via curl from GitHub raw URLs and immediately executes them as a daemon without visible version pinning or cryptographic integrity checks. Secondary concerns include the presence of a sensitive token (SENPI_AUTH_TOKEN) whose logging/sanitization behavior is not visible here, and implied outbound notifications/actions keyed by chatId. A malware likelihood assessment remains low-to-unknown without reviewing the actual scripts and runtime.yaml.

Confidence: 42%Severity: 62%
Audit Metadata
Analyzed At
Jun 28, 2026, 08:49 PM
Package URL
pkg:socket/skills-sh/senpi-ai%2Fsenpi-skills%2Fegret-strategy%2F@c798f2d0dd5a8f2e73a3cbe020835c1317ad5ede91e25ef75e2a8076aa027f20
Security Audit — socket — egret-strategy