condor-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script uses subprocess.run to call the mcporter CLI tool. This is a standard mechanism on the platform for accessing MCP tools. The implementation passes arguments as a list, which effectively prevents shell injection vulnerabilities.
- [DATA_EXFILTRATION]: The skill manages wallet addresses and notification IDs by retrieving them from environment variables or local configuration files. It uses these only for local MCP tool calls and notifications. No evidence of unauthorized data exfiltration or hardcoded credentials was found.
- [SAFE]: No obfuscation, persistence mechanisms, or privilege escalation patterns were detected. The scoring logic and trading constraints are clearly defined and consistent with the skill's stated purpose. A minor path inconsistency was noted in the configuration helper (referencing mantis-strategy instead of condor-strategy), but this appears to be a non-malicious operational error.
Audit Metadata