The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's signal producer script (scripts/scorpion-producer.py) and legacy scanner (legacy-v1/scorpion-scanner.py) use subprocess.run to interact with the openclaw and mcporter CLI tools. This is the primary mechanism for pushing signals to the runtime and executing trades. The command arguments are constructed using hardcoded parameters and user-supplied environment variables.
[EXTERNAL_DOWNLOADS]: The installation instructions in SKILL.md direct users to fetch the skill's components from the author's official GitHub repository (github.com/Senpi-ai). These downloads involve the runtime configuration and Python scripts necessary for the agent's operation and are considered safe as they originate from the verified vendor.
[PROMPT_INJECTION]: The skill processes external market data (e.g., via leaderboard_get_markets) which is interpolated into the LLM's decision-making prompt in runtime.yaml. This creates a surface for indirect prompt injection if market metadata were to be manipulated, although the risk is low due to the structured nature of the data.
Ingestion points: leaderboard_get_markets call in scripts/scorpion-producer.py.
Boundary markers: Absent; signal data is injected directly into the prompt template via a placeholder.
Capability inventory: Subprocess execution via openclaw and trade management via mcporter based on LLM decisions.
Sanitization: No explicit sanitization of market metadata is performed prior to prompt interpolation.
[SAFE]: The skill implements a persistence mechanism via the openclaw cron command to schedule the producer script. This is the documented and transparent way to maintain the agent's operational cycle. Sensitive configuration like wallet addresses and API keys are managed through standard environment variables and local configuration placeholders.

scorpion-tracker