senpi-entrypoint

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PERSISTENCE_MECHANISMS]: The skill establishes a daily background task using the openclaw cron command to execute a Python update checker script, maintaining persistence across user sessions.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses sensitive local files including wallet.json and credentials.json in the user's configuration directory to retrieve wallet addresses and account state for onboarding guidance.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill dynamically installs and executes code from the vendor's GitHub repository using npx skills add and runs a local Python script for version monitoring.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources including a GitHub catalog and a Supabase leaderboard. Ingestion points: catalog.json and Supabase API. Boundary markers: Absent. Capability inventory: npx skills add, python3, node -e. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill performs multiple shell operations including environment setup via node -e, tool installation, and API requests using curl.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 09:41 PM