Skills
skills/senpi-ai/senpi-skills/jaguar-strategy/Gen Agent Trust Hub

jaguar-strategy

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation instructions in README.md use curl to fetch configuration and script files (e.g., jaguar-scanner.py, runtime.yaml) from the author's public GitHub repository at github.com/Senpi-ai. These are standard component downloads for the strategy and originate from the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The helper script scripts/jaguar_config.py utilizes subprocess.run to call a local CLI utility named mcporter. This tool is used to retrieve market data, check account balances, and execute trade orders. The commands are executed as structured lists, which mitigates shell injection risks.
  • [DATA_EXPOSURE]: The skill manages a user's wallet address and Telegram chat ID. These are used for trade execution and notifications, respectively. The instructions guide the user to populate these values in local configuration files (runtime.yaml and jaguar-config.json) using sed, which is a standard practice for local secrets management.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:51 AM