scorpion-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches core strategy scripts and configuration files from the author's official GitHub repository at github.com/Senpi-ai/senpi-skills. These files are required for the producer and scanner components to function.
- [COMMAND_EXECUTION]: Utilizes the subprocess module to interact with platform-native CLI tools including mcporter and openclaw. These calls are used to fetch market data, query account status, and ingest trading signals into the runtime environment.
- [PROMPT_INJECTION]: The runtime.yaml configuration defines an LLM-gated entry action that processes market data signals. The prompt implementation uses clear boundary markers and strict output formatting rules to guide the model and prevent processed data from overriding intended logic.
- [REMOTE_CODE_EXECUTION]: The installation instructions include downloading and running Python scripts from the vendor's repository. These operations are performed as part of the intended deployment of the trading strategy.
Audit Metadata