ox-strategy

Warn

Audited by Socket on Jun 28, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
README.md

No direct malicious behavior is evidenced in the provided fragment because it contains only installation/launch instructions, not the implementation of ox-producer.py or the runtime plugin. The fragment nevertheless presents a meaningful supply-chain risk: it downloads and executes remotely fetched executable code and installs a runtime plugin via npx without showing integrity pinning/verification, then runs the resulting code as persistent daemons using sensitive credentials and wallet identifiers. To assess malware presence, the fetched scripts (ox-producer.py/ox_config.py) and the installed runtime plugin must be reviewed for exfiltration, credential misuse, hidden command execution, and network beacons; additionally, installation should be hardened with pinned versions and integrity checks.

Confidence: 45%Severity: 62%
SecurityMEDIUM
SKILL.md
Audit Metadata
Analyzed At
Jun 28, 2026, 08:49 PM
Package URL
pkg:socket/skills-sh/senpi-ai%2Fsenpi-skills%2Fox-strategy%2F@f7993f2a9f1211cc40dfedfa5bd293bcbd5d460328f11b85fd87db2a8fab6332
Security Audit — socket — ox-strategy