nansen-wallet-migration

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The migration process uses source ~/.nansen/.env to load credentials. This executes the content of the file as shell code, which can be exploited to run arbitrary commands if the file has been tampered with.
  • [DATA_EXFILTRATION]: The verification step involves running nansen wallet export default, which outputs unencrypted private keys to stdout. This exposes highly sensitive secrets to the AI agent's context window, logs, and session history.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the nansen-cli Node.js package. While it is the legitimate tool for this task, it represents an external dependency that executes with the user's permissions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 11:23 PM