heron-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README provides instructions for downloading strategy components from the official vendor repository (github.com/Senpi-ai/senpi-skills). This is a standard installation procedure for this skill ecosystem and targets a known vendor domain.
  • [COMMAND_EXECUTION]: The skill operates via a Python-based producer daemon (heron-producer.py) that executes locally to analyze market candles and sentiment. It interacts with the platform's trading runtime through an established helper library.
  • [SAFE]: Analysis of the source code and configuration files confirms that the skill manages credentials via environment variables and local configuration placeholders, adhering to security best practices. No evidence of obfuscation, data exfiltration, or unauthorized persistence was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — heron-strategy