hydra-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner (scripts/hydra-scanner.py) calls external MCP tools via hydra_config.mcporter_call("market_get_prices") and mcporter_call("leaderboard_get_markets") to ingest public market and leaderboard (third‑party/user‑sourced) data and directly uses those results to score and trigger trading actions, so untrusted external content can materially influence agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that creates and manages live positions. It requires and configures a wallet (runtime.yaml, config/hydra-config.json), refers to a plugin runtime that “handles everything” including DSL exits, and includes runtime commands (openclaw senpi runtime create/list/status) and a bootstrap that "Set wallet and telegram in runtime.yaml" and installs a trading runtime. It specifies leverage, max positions, entries/day, cooldowns and banned assets and enforces exits via the DSL/plugin. These are specific, purpose-built financial execution capabilities (crypto/derivatives trading with wallet integration and automated order/position management), not generic tooling. Therefore it grants direct financial execution authority.