send

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes "npx fibx@latest" at runtime (which fetches and executes a remote npm package from the npm registry, e.g., https://registry.npmjs.org/) and the skill depends on that fetched code to perform sends, so it executes remote code and therefore poses a runtime remote-code risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides commands to transfer cryptocurrency: "Send native tokens (ETH, cBTC, HYPE, MON) or ERC-20 tokens to an address" and documents the exact CLI call (npx fibx@latest send [token] [--chain ]) along with prerequisites (active session, sufficient balance), simulation/execution rules, and post-send tx-status verification. This is a purpose-built crypto transaction tool (wallet/transaction execution) designed to move funds, so it matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of Direct Financial Execution.