shark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner explicitly fetches and interprets public leaderboard and trader-position data (e.g., leaderboard_get_markets, leaderboard_get_top, leaderboard_get_trader_positions via mcporter_call in scripts/shark-scanner.py and shark_config.py, and Gate 1/2 in SKILL.md), which is untrusted/user-generated market/trader content and is directly used to make entry decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading scanner integrated with a runtime that manages on‑chain positions and a strategy wallet. It instructs operators to set a "strategy wallet address" in runtime.yaml, references "position_tracker" that "auto-detects position opens/closes on-chain," mentions create_position (including timeout handling), and provides CLI commands to list and inspect DSL-tracked positions (e.g., openclaw senpi dsl positions, openclaw senpi dsl inspect <ASSET>). Exits are managed by the plugin runtime (DSL) and the skill enforces trade limits, leverage, and entry rules—all indicating direct trading/asset-moving capabilities on a blockchain wallet rather than a generic tool. These are specific crypto/blockchain financial execution capabilities.