lion-strategy
Fail
Audited by Snyk on Jun 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs point to a GitHub repository and raw GitHub content plus a private API/domain (senpi.ai / mcp.prod.senpi.ai) that deliver executable scripts and instruct users to download and run them — not obviously malicious but higher-than-normal risk because raw.githubusercontent-hosted scripts and instructions to execute them (and to supply auth tokens) can be used to distribute malware if the repo or domain is untrusted or compromised.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading/position-management system with direct execution primitives and wallet integrations. It references wallet env vars (LION_LONG_WALLET, LION_SHORT_WALLET), cross-margined crypto + tokenized-equities routing (dex_for()), account/clearinghouse views, and emits orders (entries use FEE_OPTIMIZED_LIMIT with taker fallback). The doc names execution APIs/functions (create_position, close_position, edit_position, ratchet_stop, cancel_order, strategy_close) and describes a producer daemon that "emits" entries and a runtime DSL that owns exits. These are specific market-order and wallet-control capabilities (including DEX/crypto routing and position management), not generic tooling. Although it says user-facing Claude sessions must be read-only, the skill nonetheless contains and relies on concrete execution and wallet-control functions—i.e., direct financial execution capability.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata