senpi-trading-runtime

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages background trading processes ("daemons") using a dedicated process-control module (senpi_runtime_helpers/manage.py) that leverages subprocess.Popen to relaunch worker scripts. This is a core feature enabling the automated trading functionality to persist independently of the agent session.
  • [COMMAND_EXECUTION]: The bundled senpi-helpers operator CLI uses subprocess.run to invoke the pgrep system utility. This is used solely for process discovery to support environment variable inheritance for the trading daemons.
  • [DATA_EXPOSURE]: The runtime state management system implemented in senpi_runtime_helpers/state.py includes a proactive security filter (_SENSITIVE_KEYS) that scrubs sensitive credentials, such as SENPI_AUTH_TOKEN and ANTHROPIC_API_KEY, from environment snapshots before they are written to disk. This prevents accidental exposure of secrets in debug logs or state files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 09:35 PM
Security Audit — agent-trust-hub — senpi-trading-runtime