ox-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.85). These URLs point to a GitHub repo and raw GitHub-hosted scripts plus a vendor API domain that the README instructs you to curl/npx and execute — i.e., raw code intended to be run (which can control trading wallets when given SENPI_AUTH_TOKEN), so downloading+running them from an unverified/third‑party source is a high-risk distribution vector.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading system with direct market execution capabilities: it references wallets (OX_CORE_WALLET / OX_BALLAST_WALLET), per-signal marginUsd sizing, "FEE_OPTIMIZED_LIMIT entries + exits", leverage clamps, slot/position management, and explicitly lists tools like create_position, close_position, cancel_order, edit_position, strategy_close as reserved execution APIs. This is specifically designed to place and manage market orders and manage trading wallets (including crypto instruments), so it grants direct financial execution authority.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — ox-strategy