fund-wallet

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs remote code at runtime via the command "npx agnic@latest" (which downloads and executes the agnic npm package from the registry) and the skill relies on that command to obtain wallet status/address/balance, so this is a required external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about funding an AgnicPay wallet and includes concrete, actionable financial operations: it directs the user to a payment portal (pay.agnic.ai) and an "Add Funds" feature to deposit USDC (payment gateway behavior), and gives explicit instructions for direct crypto transfers of USDC to the shown wallet address on the Base network using wallets like MetaMask or Coinbase (crypto/wallet transfer). It also exposes CLI commands to fetch the wallet address and verify balance, which directly support moving funds. This is a specific financial execution capability, not a generic tool.