magpie-strategy

Warn

Audited by Socket on Jun 28, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
SKILL.md
AnomalyLOW
README.md

No explicit malware behavior is shown in the provided snippet because it is largely installation/operational documentation. However, the instructions establish a high-impact supply-chain execution path: multiple executable artifacts (including a Python producer and runtime helpers) are downloaded from raw GitHub URLs at install time and then run as persistent background daemons with sensitive tokens in their environment. This pattern warrants security review of the fetched scripts/runtime plugin (integrity pinning, verification, credential handling, and network/notification behavior), since compromise would be amplified by daemon persistence and potential external messaging/logging.

Confidence: 44%Severity: 66%
Audit Metadata
Analyzed At
Jun 28, 2026, 08:49 PM
Package URL
pkg:socket/skills-sh/senpi-ai%2Fsenpi-skills%2Fmagpie-strategy%2F@87907d983c4c706d7925e69a3e3a15f88279f190e16eff4b8e9f457afb3cbb53
Security Audit — socket — magpie-strategy