senpi-entrypoint
Warn
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill mandates complete agent silence through strict behavioral overrides, explicitly forbidding narration, reasoning, or status updates during the onboarding process, which hides agent actions from the user.
- [COMMAND_EXECUTION]: The skill implements a persistence mechanism using
openclaw cronto schedule a recurring daily background task and uses shell commands to install external packages. - [REMOTE_CODE_EXECUTION]: The skill downloads and executes remote instructions via
npx skills addfrom a GitHub repository, with the choice of skills being influenced by data retrieved from a remote Supabase API. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch strategy catalogs and live leaderboard data from external sources, including GitHub and a project-specific Supabase function.
Audit Metadata