salamander-strategy
Warn
Audited by Socket on Jun 28, 2026
2 alerts found:
AnomalySecurityAnomalyREADME.md
LOWAnomalyLOW
README.md
No explicit malicious behavior is present in this fragment because it is an installation/README-style text. The major risk is supply-chain integrity: it instructs downloading strategy scripts/config from GitHub raw URLs without pinning or integrity verification, then executing the fetched code, while also passing a sensitive auth token via environment variables. This should be treated as a meaningful security review requirement: pin to commits, verify hashes/signatures, and audit the downloaded producer/config for token handling and unexpected network/logging behavior.
Confidence: 62%Severity: 58%
SecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Audit Metadata