Jungle Executor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a local rule-checking skill with no credential, network, or hidden execution behavior, but it uses strong trading-control instructions and persistent memory notes that users should understand.
This skill appears safe to install as a local rule-checking aid, but treat it as advisory only: do not let it automatically place trades, close positions, or make irreversible decisions without explicit confirmation, and review any memory files it creates.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prioritize this rule framework and kill-switch logic over more nuanced user preferences during trading or high-stakes decisions.
The skill deliberately imposes strict decision gates and stopping conditions. This fits its stated rule-enforcement purpose, but the wording is broad and could strongly shape agent behavior when invoked.
Before any decision/action, validate against 12 Laws + Warden Protocols ... Self-Destruct: Hit logic-fail price/point? Immediate kill, no excuses.
Use this skill only for explicit rule-audit workflows, and require user confirmation before any real-world trading, financial, or irreversible action.
Sensitive decision history or trading rationale could remain in local memory files and be reused later.
The skill asks the agent to create persistent memory/log files. This is disclosed and aligned with self-audit, but stored trading or decision details may persist and influence later tasks.
Log & Evolve: Write violations to memory/YYYY-MM-DD.md; monthly MEMORY.md review (Law 12).
Review what gets written to memory files, avoid including unnecessary sensitive details, and delete or reset these files when they should no longer influence the agent.
The agent or user may encounter broken instructions or look for missing files, reducing reliability.
SKILL.md references resources that are not present in the supplied manifest, including references/warden-protocol.md and scripts/validate-decision.py. The included script is scripts/validate.py.
Trading Warden: references/warden-protocol.md ... Use scripts/validate-decision.py [decision-text] ... Audit Script: scripts/validate.py
Verify the package contents and use the included scripts/validate.py path unless the missing references are supplied by a trusted source.