wallet
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). Because the skill's subcommands require supplying and exporting sensitive secrets (mnemonics, passwords) as CLI arguments and the example outputs include raw mnemonics, the agent would need to handle and could emit secret values verbatim.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency wallet: it manages BIP39 mnemonics (create/import/export), stores/encrypts keys, supports unlocking a session "to enable transactions", provides addresses and balance queries for Bitcoin (L1) and Stacks (L2), and includes password/key management. These are specific crypto-wallet capabilities that enable signing and spending funds (direct financial execution). Even though an explicit "send" subcommand isn't listed, the ability to unlock keys for transactions and to export signing-capable key material meets the definition for crypto/blockchain wallet functionality.
Audit Metadata