authenticate-wallet

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx fibx@latest (which fetches and executes code from the npm registry at runtime, e.g. https://registry.npmjs.org/fibx), so it relies on remote code fetched during execution and thus executes external code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly for authenticating a crypto wallet (fibx CLI) via email OTP or private key import and is required before wallet operations like balance, send, trade, and aave. It directly involves wallet management and private key import (which enables signing/sending transactions). Because it is specifically designed around a cryptocurrency wallet and enabling wallet operations, it constitutes direct financial execution capability.