fox-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements its core functionality by creating and managing eight OpenClaw cron jobs. These jobs execute local Python scripts (located in the scripts/ directory) to perform tasks such as market analysis, portfolio monitoring, and health checks.
- [COMMAND_EXECUTION]: All exchange interactions, including opening and closing positions or funding strategy wallets, are performed via the mcporter CLI tool interfacing with the Senpi MCP.
- [PROMPT_INJECTION]: The skill includes instructions to strictly control the agent's output behavior (e.g., 'HEARTBEAT_OK', 'Do NOT narrate'). These are used for operational efficiency and token optimization rather than bypassing safety filters.
- [SAFE]: Data Ingestion Surface: The skill ingests market and trader data from the Hyperliquid exchange via MCP tools. Potential indirect injection is mitigated as data is processed by local Python scripts before being interpreted by the agent.
- [SAFE]: No evidence of credential theft, data exfiltration, obfuscation, or malicious remote code execution was found. The skill's operations are transparently documented and align with its stated purpose of autonomous trading.
Audit Metadata