lion-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These URLs point to a GitHub repository and raw GitHub content plus a private API/domain (senpi.ai / mcp.prod.senpi.ai) that deliver executable scripts and instruct users to download and run them — not obviously malicious but higher-than-normal risk because raw.githubusercontent-hosted scripts and instructions to execute them (and to supply auth tokens) can be used to distribute malware if the repo or domain is untrusted or compromised.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading/position-management system with direct execution primitives and wallet integrations. It references wallet env vars (LION_LONG_WALLET, LION_SHORT_WALLET), cross-margined crypto + tokenized-equities routing (dex_for()), account/clearinghouse views, and emits orders (entries use FEE_OPTIMIZED_LIMIT with taker fallback). The doc names execution APIs/functions (create_position, close_position, edit_position, ratchet_stop, cancel_order, strategy_close) and describes a producer daemon that "emits" entries and a runtime DSL that owns exits. These are specific market-order and wallet-control capabilities (including DEX/crypto routing and position management), not generic tooling. Although it says user-facing Claude sessions must be read-only, the skill nonetheless contains and relies on concrete execution and wallet-control functions—i.e., direct financial execution capability.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — lion-strategy