scorpion-tracker

Fail

Audited by Snyk on Apr 26, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The links point to a GitHub repo, raw.githubusercontent files and the senpi.ai domain (legitimate hosting surfaces) but the install explicitly instructs you to curl raw Python/YAML and run a Python producer — a supply‑chain risk because arbitrary code from an unvetted repo can execute on your host even though there are no obfuscated redirects or .exe binaries.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading agent with built-in order execution on crypto and DEX markets. It references WALLET_ADDRESS and STRATEGY_ADDRESS during runtime creation, describes the DSL exit engine (FEE_OPTIMIZED_LIMIT maker/taker exits), "entry" execution by the senpi-trading-runtime, and order placement latency (~2–3s). These are concrete crypto/trading execution capabilities (wallet context, DEX/market order types, automated send/execute behavior), not generic tooling. Therefore it has direct financial execution authority.

Issues (3)

  E005  CRITICAL  Suspicious download URL detected in skill instructions.
  W012  MEDIUM    Unverifiable external dependency detected (runtime URL that controls agent).
  W009  MEDIUM    Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: CRITICAL
  Analyzed: Apr 26, 2026, 05:44 AM
  Issues: 3