vulture-strategy
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process involves downloading configuration and script files from the vendor's GitHub repository (github.com/Senpi-ai/senpi-skills). These downloads are performed using standard curl commands as part of the setup and are authenticated vendor resources.
- [COMMAND_EXECUTION]: The skill interacts with the trading platform by calling the 'mcporter' utility via Python's subprocess.run. These calls are constructed safely using list-based arguments to prevent command injection.
- [DATA_EXFILTRATION]: Account-specific data such as balances and open positions are retrieved via authorized MCP tools. This data is used solely for the strategy's internal risk management and is not transmitted to external servers.
- [SAFE]: The skill follows platform best practices, such as rule-based execution and atomic file writes for configuration management.
Audit Metadata