vulture-strategy

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to raw GitHub-hosted Python scripts and runtime/config files with explicit instructions to curl and cron-run them from a third-party repo (Senpi-ai) of unclear reputation — executing unvetted code from raw links is a significant security risk (potential remote code execution/malware).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner clearly ingests untrusted third‑party market/Smart‑Money data via mcporter_call("leaderboard_get_markets") (and related market tools) and uses those live fields (direction, pct, traders, price_chg_*, etc.) to score signals and decisively call create_position (plus the SKILL.md install steps instruct downloading raw files from GitHub), so external public content is read and directly influences tool use and trade execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime/installation steps explicitly curl Python scripts and config from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/vulture/scripts/vulture-scanner.py) and then instruct running the scanner (python3 ...), meaning remote code is fetched and executed as a required runtime dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy for crypto perpetuals and defines direct trading API calls and runtime actions. It names specific execution functions (create_position, close_position, edit_position, ratchet_stop_add / ratchet_stop_edit / ratchet_stop_delete, cancel_order, strategy_close / strategy_close_positions), requires a strategy wallet, integrates a producer cron (vulture-scanner.py) that "fires" orders, and specifies leverage, margin per position, max positions, and other execution parameters. These are concrete market-order/position management capabilities (crypto trading execution), not generic tooling. Therefore it grants direct financial execution authority.