authenticate-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the agent to receive a user OTP and embed that code verbatim in commands (e.g., npx starkfi@latest auth verify <email> <code> and examples like ... 123456), which forces the LLM to handle and output secret-sensitive values directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/authentication tool for StarkNet (StarkFi). It provides wallet address display, session auth for signing, and an explicit "deploy" command that deploys the smart account contract on-chain and refers to ETH/STRK balance and gas settings. This is a specifically designed blockchain/wallet capability (crypto wallets/deployment), not a generic tool, so it qualifies as direct financial execution authority.