solidity-deploy

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs adding flags like --etherscan-api-key (and shows command templates that place API keys directly on the command line), so an agent following it may need to accept and embed secret API keys verbatim into generated commands, creating an exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and specifically about deploying smart contracts and performing on-chain operations using Foundry tooling. It includes crypto/blockchain-specific commands and wallet operations: cast wallet import, cast balance, cast call, instructions to add --account <KEYSTORE_NAME> --broadcast, and use of RPC URLs and verification via --etherscan-api-key. These are not generic automation tools but concrete instructions and flags to sign and broadcast transactions (i.e., move value / execute on-chain). That matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.
Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 01:08 PM