scorpion-tracker
Fail
Audited by Snyk on May 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URLs point to raw Python scripts and a YAML file hosted on GitHub (and on the project's own domain). They are not binary files or obfuscated redirects, but the install instructions explicitly curl-and-run unreviewed code from a relatively small/unknown project, which makes this a potentially risky source of malware if the repository or account is malicious or compromised.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading agent with built-in order execution on crypto and DEX markets. It references WALLET_ADDRESS and STRATEGY_ADDRESS during runtime creation, describes the DSL exit engine (FEE_OPTIMIZED_LIMIT maker/taker exits), "entry" execution by the senpi-trading-runtime, and order placement latency (~2–3s). These are concrete crypto/trading execution capabilities (wallet context, DEX/market order types, automated send/execute behavior), not generic tooling. Therefore it has direct financial execution authority.
Issues (2)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).