raptor-strategy
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly calls MCP tools (e.g., discovery_get_top_traders, leaderboard_get_trader_positions, leaderboard_get_markets, market_get_prices via cfg.mcporter_call) to ingest leaderboard/trader/market data (user-generated trader positions and entryPx) and then uses those values to build scores and drive create_position executions, so untrusted third‑party user content can directly influence decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README and SKILL.md include explicit install commands that fetch and then execute remote Python code (e.g., curl -s https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/raptor/scripts/raptor-scanner.py -o /data/workspace/skills/raptor-strategy/scripts/raptor-scanner.py followed by python3 on that file), which is a runtime install pattern that directly downloads code executed by the agent and is therefore a high-confidence remote code execution dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that self-executes market activity. It names and describes direct order/position APIs and behaviors: "self-executing — scanner calls create_position directly via mcporter," leverage tiers (7x/8x/10x), auto-cancel of resting orders, dynamic daily P&L-aware entry caps, and per-asset cooldowns. Those are specific financial execution actions (placing/canceling orders and managing positions), not generic tooling. Therefore it grants direct financial execution authority.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata