thesis-fund-strategy
Warn
Audited by Socket on Jun 28, 2026
2 alerts found:
AnomalySecurityAnomalyREADME.md
LOWAnomalyLOW
README.md
No direct malware is evidenced in this fragment because it contains only setup/run instructions, not the implementation of the daemon or runtime logic. However, it describes a high-impact supply-chain execution workflow: downloading executable Python/YAML/JSON artifacts and installing a runtime plugin from remote sources without any visible integrity pinning, then executing the fetched code as a persistent daemon with SENPI_AUTH_TOKEN in its environment. This should be treated as a significant security risk pending review of the referenced scripts/runtime.yaml for data exfiltration, unsafe process/network behavior, and credential handling.
Confidence: 55%Severity: 62%
SecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Audit Metadata