kodiak-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/kodiak_config.pydefines a functionmcporter_callthat usessubprocess.runto execute themcporterCLI tool. This is used to fetch market data and clearinghouse states from the Senpi platform. The implementation uses a list of arguments andshell=False(default), which prevents common shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: Both
README.mdandSKILL.mdcontain links to the author's official GitHub repository (github.com/Senpi-ai/senpi-skills) for documentation and strategy specifications. These are static references to documentation and do not result in the execution of remote code at runtime. - [DATA_EXPOSURE]: The skill reads account identifiers from environment variables (
KODIAK_WALLET,KODIAK_STRATEGY_ID). Access is restricted to the skill's specific workspace directory (/data/workspace/skills/kodiak-strategy/state) for maintaining trade history and strategy state, following best practices for isolated storage.
Audit Metadata